Bots Used to Facilitate Spam by lgm41816


        Bots Used to Facilitate Spam


     Matt Ziemniak
                     Outline

•   Discuss Snort lab improvements
•   Spam as a vehicle behind cyber threats
•   Bots and botnets
•   What can be done
               Lab Improvements

• Build more complex rules
• Provide more interaction with snort.conf file and
  installation
• Explain how snort works in real-world setting
• Make both labs snort-related
         Cyber-related Crimes

• Phishing

• Spyware

• Nigerian scams

• Child pornography
        Why Spam is an Issue

• Loss of employee production
• Money spent on hardware/software
• Dissemination of viruses, spyware, and phishing schemes
   Spam - Distribution in the Past

• Open relay mail servers

• Open HTTP proxies

• Worms/mass mailers
       Spam - A Better Method

• Find a way to automate the spamming process
  while remaining anonymous
                  What is a Bot

• Short for robot. A computer program that
  performs a function such as forwarding e-mail,
  responding to newsgroup messages, or
  searching for information.



    Source: http://www.computeruser.com/resources/dictionary
        Common uses for a Bot

• Web crawlers/search agents

• Interacting with online games

• Monitoring IRC channels


      Only limited by imagination
                Malicious Bots

•   Keylogging
•   Denial-of-Service Attacks
•   Identity Theft (hosting spoofed websites)
•   Spread malware


            GENERATE SPAM!
               Types of Bots

• Internet Relay Chat (IRC)

• Hyper-Text Transfer Protocol (HTTP)

• P2P (Peer-to-Peer file sharing)
                What is IRC

• An online system that allows real-time
  communications
• Consists of an IRC server and an IRC client;
  the connection between the two is called a
  channel
• Members join chat rooms to discuss various
  topics (may be password protected)
• Can be used for file sharing
                 IRC Bots

• Program that interacts with an IRC server in
  an automated fashion
• Typically used to monitor a channel when an
  individual is away from the computer
• Can be modified by anyone with programming
  skills (C++, Perl, Delphi)
• IRC has its own scripting language
       From Bots to Botnets
• An individual gains control of many bots that
  reside on different users’ computers
• Controlled by a “bot master” who uses a
  command/control
• The bots connect to the IRC server and wait
  for commands from the bot master

[Diagram: a bot master controlling three bots]
                 HTTP Bots


• Commonly used to generate spam
• User typically visits website and downloads a
  trojan or other piece of malware
• Connection is made to a web server operated
  by a bot master
• More software is downloaded onto user’s
  computer
           HTTP Botnet Infection


[Diagram: Browser Exploit -> Trojan Download -> Bot Client Downloaded]
           Methods to spam

• Use compromised computer as spam proxy

• Use compromised computer as mail relay

• Obtain email addresses from compromised
  computer (harvesting)
        Difficult to Trace Origin

• HTTP redirects
• Path to actual site leads to IPs across
  different countries (bouncing)
• Compromised proxies don’t log connections
• Tank farms act like middlemen by pushing the
  spam through proxies
                    Growing Concern

• "At the end of last year we knew of about
  2,000 botnets. Towards the end of this year,
  we're looking at about 300,000."

Source: Jesse Villa, Frontbridge Technologies
http://www.pcworldmalta.com/specials/yearend04/goodandbad.htm
        Importance of Research

• Gathering intelligence regarding botnet
  activity
• Use tools such as honeypots, intrusion
  detection systems, packet sniffers
• Perform trend analysis on data, source
  information, log files (firewall and IDS)
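
The log trend analysis described above, as an added example that is not part of the original slides: it summarizes firewall log lines per internal host and reports two patterns from this deck, direct SMTP to many mail servers (spam proxy or mail relay) and connections to an IRC server (possible command/control). The log format, sample lines, approved mail host, threshold and IRC port 6667 are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Assumed log format (constructed for this example):
#   <timestamp> ALLOW TCP <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(r"^\S+ ALLOW TCP (\S+):\d+ -> (\S+):(\d+)$")

SMTP_PORT = 25
IRC_PORT = 6667                      # conventional IRC port; bots may use others
APPROVED_MAIL_HOSTS = {"10.0.0.2"}   # hypothetical: the site's real mail relay
SMTP_FANOUT_THRESHOLD = 3            # hypothetical: distinct mail servers per host

# Constructed sample data, using documentation address ranges.
SAMPLE_LOG = """\
2004-12-01T10:00:01 ALLOW TCP 10.0.0.2:40001 -> 192.0.2.10:25
2004-12-01T10:00:02 ALLOW TCP 10.0.0.2:40002 -> 192.0.2.11:25
2004-12-01T10:00:03 ALLOW TCP 10.0.0.2:40003 -> 192.0.2.12:25
2004-12-01T10:00:05 ALLOW TCP 10.0.0.23:1034 -> 198.51.100.7:6667
2004-12-01T10:01:10 ALLOW TCP 10.0.0.23:1040 -> 192.0.2.10:25
2004-12-01T10:01:11 ALLOW TCP 10.0.0.23:1041 -> 192.0.2.11:25
2004-12-01T10:01:12 ALLOW TCP 10.0.0.23:1042 -> 203.0.113.5:25
2004-12-01T10:02:00 ALLOW TCP 10.0.0.40:2200 -> 203.0.113.80:80
2004-12-01T10:02:30 ALLOW TCP 10.0.0.41:2300 -> 198.51.100.7:6667
garbled line that does not parse
"""

def analyze(log_text):
    """Return {src_ip: [reasons]} for hosts whose traffic matches the patterns."""
    smtp_dests = defaultdict(set)   # src -> distinct SMTP destinations
    irc_dests = defaultdict(set)    # src -> distinct IRC destinations
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                # skip lines that do not fit the assumed format
        src, dst, dport = m.groups()
        if int(dport) == SMTP_PORT and src not in APPROVED_MAIL_HOSTS:
            smtp_dests[src].add(dst)
        elif int(dport) == IRC_PORT:
            irc_dests[src].add(dst)
    findings = defaultdict(list)
    for src, dests in smtp_dests.items():
        if len(dests) >= SMTP_FANOUT_THRESHOLD:
            findings[src].append(f"direct SMTP to {len(dests)} servers")
    for src, dests in irc_dests.items():
        findings[src].append(f"IRC connection to {', '.join(sorted(dests))}")
    return dict(findings)

if __name__ == "__main__":
    for host, reasons in sorted(analyze(SAMPLE_LOG).items()):
        print(host, "->", "; ".join(reasons))
```

A host that shows both patterns, such as 10.0.0.23 in the sample, is the strongest candidate for follow-up with a packet sniffer or IDS rule.
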
 How Industry can Help

• Educate employees
• Increase security measures
• Develop security products
• Share information and resources
Questions

								