• Home

  • Documents

  • 0wning the koobface botnet. intro web 2.0 botnet spreads through social networks –facebook...

If you can't read please download the document

0wning the koobface botnet. intro web 2.0 botnet spreads through social networks –facebook –myspace –twitter, etc

Embed Size (px)

Citation preview

0wning the koobface botnet intro web 2.0 botnet spreads through social networks facebook myspace twitter, etc. koobface loader Social network (Facebook, Myspace, Twitter, etc.) spreader Personal information and credentials stealer Google accounts creator Facebook auto-registration module Search hijacker Fake AV module Web server component web server component makes every koobface zombie a web server serves the fake YouTube/Facebook pages serves the koobface loader what about it? installed on all koobface zombies as a system service ( webserver service) adds exemption in Windows Firewall for TCP port 80 (HTTP) reachable from the Internet which means further exposes koobface zombies to attacks from the Internet exposes the koobface botnet itself to attacks from the internet what kind of attack? security holes in the web server component buffer overflow auto-update buffer overflow very long string in HTTP request control of eip auto-update can be used to remotely update the koobface web server binary triggered by the following web requestmydomain.com/new_version.exe how it auto-updates when triggered download the new web server binary drop and execute a batch file stop the webserver service replace the existing web server binary restart the webserver service exploiting auto-update koobface blindly downloads updated binaries trigger auto-update to download arbitrary binaries new binary should cooperate nicely with the NT Service Controller where are the targets? revisiting the infection chain koobface sites koobface zombies create simple scripts to harvest all of the IP addresses 79,000+ zombies zombie distribution checklist web server vulnerabilities exploits list of targets take over? questions?


Botnet Dection system. Introduction Botnet problem Challenges for botnet detection

Botnet Dection system. Introduction Botnet problem Challenges for botnet detection

Documents
Botnet detection using correlated anomalies · deals with machine learning techniques and algorithms used for training botnet ... Botnet detection faces a number of ... Botnet detection

Botnet detection using correlated anomalies · deals with machine learning techniques and algorithms used for training botnet ... Botnet detection faces a number of ... Botnet detection

Documents
The Real Face of KOOBFACE: The Largest Web 2.0 Botnet ...vn.trendmicro.com/.../white-papers/wp_the-real-face-of-koobface.pdf · THE REAL FACE OF KOOBFACE: THE LARGEST WEB 2.0 BOTNET

The Real Face of KOOBFACE: The Largest Web 2.0 Botnet ...vn.trendmicro.com/.../white-papers/wp_the-real-face-of-koobface.pdf · THE REAL FACE OF KOOBFACE: THE LARGEST WEB 2.0 BOTNET

Documents
The Real Face of KOOBFACE: The Largest Web 2.0 Botnet Explained

The Real Face of KOOBFACE: The Largest Web 2.0 Botnet Explained

Documents
Botnet Classification

Botnet Classification

Documents
0wning Antivirus Alex Wheeler (alexbling@gmail) Neel Mehta (nmehta@iss)

0wning Antivirus Alex Wheeler (alexbling@gmail) Neel Mehta (nmehta@iss)

Documents
Tracing Botnet in Taiwan - FIRST Botnet Analysis Module (BAM) – C&C Tracer – Botnet Tracer The Botnet in Taiwan – Case Study Ⅰ IRC Botnet ... Tracing Botnet in Taiwan Author:

Tracing Botnet in Taiwan - FIRST Botnet Analysis Module (BAM) – C&C Tracer – Botnet Tracer The Botnet in Taiwan – Case Study Ⅰ IRC Botnet ... Tracing Botnet in Taiwan Author:

Documents
Anatomy of a Botnet - تواناAnatomy of a Botnet 1 Executive Summary ... Fueled by innovations like do-it-yourself botnet construction kits and rent-a-botnet business models, the

Anatomy of a Botnet - تواناAnatomy of a Botnet 1 Executive Summary ... Fueled by innovations like do-it-yourself botnet construction kits and rent-a-botnet business models, the

Documents
The Heart of KOOBFACE

The Heart of KOOBFACE

Technology
The Real Face Of KOOBFACE

The Real Face Of KOOBFACE

Technology
Blackjacking – 0wning the Enterprise via Blackberry

Blackjacking – 0wning the Enterprise via Blackberry

Documents
Botnet Tutorial

Botnet Tutorial

Documents
Your Botnet is My Botnet: Analysis of a Botnet Takeoverchris/research/doc/ccs09... · 2020-06-06 · Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett Stone-Gross, Marco

Your Botnet is My Botnet: Analysis of a Botnet Takeoverchris/research/doc/ccs09... · 2020-06-06 · Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett Stone-Gross, Marco

Documents
The Koobface Botnet and the Rise of Social Malware Kurt Thomas kthomas@cs.berkeley.edu David M. Nicol dmnciol@illinois.edu

The Koobface Botnet and the Rise of Social Malware Kurt Thomas [email protected] David M. Nicol [email protected]

Documents
Steelcon 2015 - 0wning the internet of trash

Steelcon 2015 - 0wning the internet of trash

Software
Exposing Koobface The World's Largest Botnet Dancho Danchev · Profiling the Koobface Gang –A Russian-Based Cybercrime-facilitating Group –KrotReal –active team member of Ali

Exposing Koobface The World's Largest Botnet Dancho Danchev · Profiling the Koobface Gang –A Russian-Based Cybercrime-facilitating Group –KrotReal –active team member of Ali

Documents
Social Media Cybercrime Case-Study: Facebook and Koobface

Social Media Cybercrime Case-Study: Facebook and Koobface

Documents
Your Botnet is My Botnet : Analysis of a Botnet Takeover

Your Botnet is My Botnet : Analysis of a Botnet Takeover

Documents
Gorynch botnet

Gorynch botnet

Documents
Botnet ppt

Botnet ppt

Documents
Koobface: Inside a Crimeware Network

Koobface: Inside a Crimeware Network

Documents
Show me the Money -- The Monetization of KOOBFACE

Show me the Money -- The Monetization of KOOBFACE

Technology
Botnet Architecture

Botnet Architecture

Technology
Your Botnet is My Botnet: Analysis of a Botnet Takeover · Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin

Your Botnet is My Botnet: Analysis of a Botnet Takeover · Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin

Documents
Botnet Infiltration

Botnet Infiltration

Documents
Spamhaus Botnet Threat Report 2019 - Amazon Web Services...Malware associated with botnet C&Cs in 2018 5 ... SPAMHAUS BOTNET THREAT REPORT 2019. Welcome to the Spamhaus Botnet Threat

Spamhaus Botnet Threat Report 2019 - Amazon Web Services...Malware associated with botnet C&Cs in 2018 5 ... SPAMHAUS BOTNET THREAT REPORT 2019. Welcome to the Spamhaus Botnet Threat

Documents
Your Botnet is My Botnet: Analysis of a Botnet Takeoverchris/research/doc/ccs09_botnet.pdf · Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett ... (such as bank account

Your Botnet is My Botnet: Analysis of a Botnet Takeoverchris/research/doc/ccs09_botnet.pdf · Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett ... (such as bank account

Documents
0wning Antivirus Alex Wheeler (alexbling@gmail.com) Neel Mehta (nmehta@iss.net)

0wning Antivirus Alex Wheeler ([email protected]) Neel Mehta ([email protected])

Documents
Your Botnet is My Botnet: Analysis of a Botnet TakeoverWhile botnets have been “hijacked” and studied previously, the Torpig botnet exhibits certain properties that make the analysis

Your Botnet is My Botnet: Analysis of a Botnet TakeoverWhile botnets have been “hijacked” and studied previously, the Torpig botnet exhibits certain properties that make the analysis

Documents
Mariposa Botnet

Mariposa Botnet

Documents