 |
| Attorney General in the presentation of the operation |
has been in the news these past few days the new way of combating a botnet that has used the FBI. After obtaining judicial authorization under the operation called Adeona by DNS servers in the United States, indicating a different direction, the infected computers address their requests to a different headquarters (and controlled by the FBI) \u200b\u200bwhich usually uses the Coreflood botnet, to issue instructions to uninstall it.
Coreflood
security keys and picked up all sorts of user's bank details and sent them to remote servers. Allegedly infecting 2 million computers in the U.S. (not many more) and the data collected could exceed 50 GB.
is a novel way to combat this threat, which, margin of its privacy implications in the future may be blocked by the creators of botnets with strategies such as making deleted files from your computer to receive an instruction is not authenticated.
To better understand how it is tackling to this botnet will expand the concept.
army is a small piece of software that live and evolve organically, but not separately, but have a headquarters capable of giving orders and coordinate their functions, but are separated by thousands of kilometers, running through a P2P structure.
Its purpose may be multiple, and it will evolve that this risk does increase as they can mutate to change their fate.
What are the characteristics?
In an attempt to evade the location and its deactivation are characterized by work in star schemas, using multiple servers, with hierarchical organization and random.
How are they structured?
As there are different ways but, typically have a scheme similar to the following to prevent it being closed or blocked. We can distinguish several levels:
- C & C (Command & Control) or Turf: It is usually located in a country with few legal safeguards, such as Russia and Iran (among others) and based on an Apache server (Software Libre).
- main Nginx Proxy: nginx is an HTTP server capable of dealing opensource multiple requests. It is the first layer of concealment.
- side proxies Nginx: Spread around the world and often changing its location, hidden from the main proxy.
- Public Nodes
- Infected computers, also called zombies. Send encrypted information through P2P protocols similar to those used by edonkey or kademilia (part of emule).
What are your main goals?
- DDoS attacks (Distributed Denial of Service).
- Headquarters Since the controls sometimes millions of computers, and access to their resources and their broadband is the ideal tool for directing an attack requests to an online service.
- Spamming:
- The bot installed on each computer takes over all email addresses that exist in the computer to move them to a large file intended for spam (junk mail) also can use your own user's email client to send emails with a profile not recognized as spam by mail filters.
- Sniffing:
- Analysis of the data packets sent from your computer to obtain information such as passwords or habits navigation.
- Keylogging:
- The bot logs keystrokes on the keyboard and sends it to Headquarters that depends plain text format, which will analyze it to extract all possible information (passwords, passwords, account numbers, etc.).
- Impersonation or phishing:
- These bots can acquire so much data that they can impersonate Internet of a person and through this make other attacks or cyberdelitos without fear of being identified since all the effects, acting as another person.
- by click fraud:
- bots installed on thousands of computers access invisibly to a website through a link that, originally belonging to an advertising banner, thus adding virtual the number of hits and thus advertising revenue received by a person.
Some botnets famous:
 |
| botnet-infected computers Zeus |
- BREDOLAB -> 30 million zombies.
- Mariposa -> 12 million zombies.
- Conficker -> 11 million zombies.
- Zeus -> between 5 and 12 million zombies.
About:
0 comments:
Post a Comment