Unit - 2

Uploaded by

knoxx
Unit – 2

PORT SCANNER

Port Scanner
• A port scanner sends network requests to a
range of ports on the target device.
• It observes the responses to determine
whether the ports are open (accepting
connections), closed (rejecting connections),
or filtered (blocked by a firewall).
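
The same three port states are what a defender sees when reviewing connection logs for scanning. The sketch below is an added example, not part of the original slides: it flags any source that probes many distinct ports on one target in a short window and summarises which ports answered as open, closed or filtered. The log format, addresses, reply labels and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real traffic):
# time_seconds  source  target  dest_port  reply_seen_from_target
SAMPLE_LOG = """\
0.00 10.0.0.5 192.0.2.10 21 RST
0.01 10.0.0.5 192.0.2.10 22 SYN-ACK
0.02 10.0.0.5 192.0.2.10 23 NONE
0.03 10.0.0.5 192.0.2.10 25 RST
0.04 10.0.0.5 192.0.2.10 80 SYN-ACK
0.05 10.0.0.5 192.0.2.10 443 SYN-ACK
4.10 10.0.0.9 192.0.2.10 443 SYN-ACK
9.70 10.0.0.9 192.0.2.10 443 SYN-ACK
"""

# Reply -> port state, following the slide: accepted = open,
# rejected = closed, no answer (dropped by a firewall) = filtered.
STATE = {"SYN-ACK": "open", "RST": "closed", "NONE": "filtered"}


def parse(log):
    """Yield (time, source, target, port, state) tuples from the assumed format."""
    for line in log.splitlines():
        if line.strip():
            t, src, dst, port, reply = line.split()
            yield float(t), src, dst, int(port), STATE[reply]


def find_scans(log, min_ports=5, window_s=2.0):
    """Return {(source, target): {state: [ports]}} for pairs where one source
    touched at least min_ports distinct ports on a target within window_s."""
    events = defaultdict(list)
    for t, src, dst, port, state in parse(log):
        events[(src, dst)].append((t, port, state))

    findings = {}
    for pair, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window so it never spans more than window_s seconds.
            while evs[end][0] - evs[start][0] > window_s:
                start += 1
            if len({p for _, p, _ in evs[start:end + 1]}) >= min_ports:
                seen = defaultdict(set)
                for _, p, s in evs:
                    seen[s].add(p)
                findings[pair] = {s: sorted(ps) for s, ps in seen.items()}
                break
    return findings
```

A client that reconnects to one port repeatedly, like the second source in the sample, is not flagged because it never reaches the distinct-port threshold.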

Port Scanner
• Sample Port Scanner Code

BOTNET
What is a Bot?
• A malware instance that runs autonomously and automatically on a compromised computer (zombie) without the owner’s consent
• Profit-driven, professionally written, widely propagated
• You might have seen them before in chat rooms, online games, etc.
What is a Botnet
• Botnet (Bot Army): network of bots controlled
by criminals
• Definition: “A coordinated group of malware
instances that are controlled by a botmaster
via some C&C channel”
– Coordinated: do coordinated actions
– Group: yes, it’s a group of bots!
– Botmaster: meet the cybercriminal
– C&C channel: command and control channel
CS660 - Advanced Information Assurance - 8
UMassAmherst
Structures
• Centralized
– IRC channels
– HTTP
• Distributed
– P2P

Breadth
• Numerous variations of botnets
– According to a study in 2013 by Incapsula, more than 61 percent of all Web traffic is now generated by bots
– “25% of Internet PCs are part of a botnet!” (Vint Cerf)
• It’s a real threat!

What is the Command and Control (C&C) Channel?
• The Command and Control (C&C) channel is needed so bots can receive their commands and coordinate fraudulent activities
• The C&C channel is the means by which individual bots form a botnet
America’s 10 Most Wanted Botnets
1. Zeus (3.6 million)
2. Koobface (2.9 million)
3. TidServ (1.5 million)
4. Trojan.Fakeavalert (1.4 million)
5. TR/DIdr.Agent.JKH (1.2 million)
6. Monkif (520,000)
7. Hamweq (480,000)
8. Swizzor (370,000)
9. Gammima (230,000)
10. Conficker (210,000)

What are they used for?

• Distributed Denial-of-Service Attacks
• Spam
• Phishing
• Information Theft
• Distributing other malware
SSH BotNet
• Sample SSH BotNet

KEYLOGGER

KeyLogger
• A keylogger is a type of monitoring software designed to record keystrokes made by a user.

• A keylogger records the information you type into a website or application and sends it back to a third party, whether that is a criminal, law enforcement or an IT department.

KeyLogger
• Sample Key Logger
