worms botnets and the underground economy
play

Worms, Botnets and The Underground Economy CS 161 - Computer - PowerPoint PPT Presentation

Jun 28, 2023 •251 likes •445 views

Worms, Botnets and The Underground Economy CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ April 16,

  1. Worms, Botnets and The Underground Economy CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ April 16, 2010

  2. Further Worm Developments • Malicious payloads (disk-trashing) • Global outbreaks within 24 hours of vulnerability disclosure • “Server” exploited for infection is a NIDS • Single outbreak of > 15 million infectees • “ Counterworm ” released to clean up original worm … – … oh and install a root backdoor • DoS’ing Windows Update as a worm spreads • Worms that use Google to search for victims

  3. Thinking About Worm Defenses • We can methodically explore possible worm defenses by considering dI ( t ) = " # I ( t ) # S ( t ) dt N • Strategy #1: reduce contact rate β to slow a worm’s propagation … • … how can we reduce it? – Decrease N so that random scanning less effective • Turn off unneeded services; aggressive patch management – Increase size of address space (IPv6) • Worm countermeasures? – Heuristics to guess likely address use patterns – Locate likely victims via DNS, Google – Suppress scans (limit connection “fanout”) – Isolate susceptibles (install firewall blocks upon outbreak)

  4. Thinking About Defenses, con’t dI ( t ) = " # I ( t ) # S ( t ) dt N • Reduce I(t) – Identify and isolate (“quarantine”) infected hosts • Reduce S(t) – Dynamically push out patches • What did Slammer teach us about employing dynamic defenses? – They have to be fully automated • No human in the loop – Thus: highly accurate

  5. Worm Take-Aways • Potentially enormous reach/damage ⇒ Weapon • Hard to get right • Emergent behavior / surprising dynamics • Institutional antibodies • Propagation faster than human response • What about fighting a worm using a worm? – “White worm” spreads to disinfect/patch – Experience shows: likely not to behave predictably! – Additional issues: legality, collateral damage, target worm having already patched so white worm can’t access victim

  6. Botnets • Collection of compromised machines (bots) under (unified) control of an attacker (botmaster) • Method of compromise decoupled from method of control – Launch a worm / virus / drive-by infection / etc. • Upon infection, new bot “phones home” to rendezvous w/ botnet command-and-control ( C&C ) • Lots of ways to architect C&C: – Star topology; hierarchical; peer-to-peer – Encrypted/stealthy communication • Botmaster uses C&C to push out commands and updates

  7. Botnets, con’t • Constitute the Great Modern Threat of Internet security • Why botnets rather than worms? – Greater control – Less emergent – Quieter – Optimal flexibility • Why the shift towards valuing these instead of seismic worm infection events? $$ Profit $$ • How can attackers leverage scale to monetize botnets?

  8. Monetizing Botnets • General malware monetization – Keylogging: steal financial/email/social network accounts – Transaction generators • Monetization that leverages scale – DDoS (extortion) – Spam (discussed next week) – Click fraud – Scam infrastructure • Hosting web pages (e.g., phishing) • Redirection to evade blacklisting/takedown (DNS) • Which of these cause serious pain for infected user? – None . Users have little incentive to prevent ( ⇒ externality )

  15. Marketplace Ads for Services

  16. Marketplace Ads for Goods

  17. Marketplace Ads for Goods, con’t

  18. The Underground Economy • Why is its emergence significant? • Markets enable efficiencies – Specialization : individuals rewarded for doing a single thing particularly well • Lowers barrier-to-entry – Only need a single skill – Some underground market activities are legal • Competition spurs innovation – Accelerates arms race – Defenders must assume a more pessimistic threat model • Facilitates non-$ Internet attacks (political, nation-state) – Provides actors with cheap attack components – Provides stealthy actors with plausible cover

  19. The Underground Economy, con’t • What problems do underground markets face? • Markets only provide major efficiencies if they facilitate deals between strangers – Susceptible to infiltration • Depending on marketplace architecture, can present a target / single point of failure • By definition, deals are between crooks – Major issue of betrayal by “ rippers ”

Recommend

Malware: Viruses, Worms, Rootkits, Botnets Spring 2015

Malware: Viruses, Worms, Rootkits, Botnets Spring 2015

CSE 484 / CSE M 584: Computer Security and Privacy Malware: Viruses, Worms, Rootkits, Botnets Spring 2015 Franziska (Franzi) Roesner

403 views • 37 slides
Worms & Botnets CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Worms & Botnets CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Worms & Botnets CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ April 21, 2011 Announcements HKN reviewing today, 12:15PM Final exam

987 views • 31 slides
Malware: Worms and Botnets CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva

Malware: Worms and Botnets CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva

Malware: Worms and Botnets CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula, David Fifield, Mia Gil Epner, David Hahn, Warren He, Grant Ho, Frank Li, Nathan Malkin, Mitar Milutinovic, Rishabh Poddar, Rebecca

700 views • 49 slides
Malware: Botnets, Viruses, and Worms Damon McCoy Slide Credit: Vitaly Shmatikov slide 1

Malware: Botnets, Viruses, and Worms Damon McCoy Slide Credit: Vitaly Shmatikov slide 1

Malware: Botnets, Viruses, and Worms Damon McCoy Slide Credit: Vitaly Shmatikov slide 1 Malware Malicious code often masquerades as good software or attaches itself to good software Some malicious programs need host programs

1.29k views • 86 slides
BotNets BotNets- Cybe Cyber T r Torrirism orrirism Ba Batt ttling ling th the t e thr

BotNets BotNets- Cybe Cyber T r Torrirism orrirism Ba Batt ttling ling th the t e thr

BotNets BotNets- Cybe Cyber T r Torrirism orrirism Ba Batt ttling ling th the t e thr hrea eats ts of inte of intern rnet et Assoc. Prof. Dr. Sureswaran Ramadass National Advanced IPv6 Center - Director Why Talk About Botnets?

722 views • 35 slides
FILARIAL WORMS Found mainly in tropical regions in Asia Threadlike worms live in the

FILARIAL WORMS Found mainly in tropical regions in Asia Threadlike worms live in the

FILARIAL WORMS Found mainly in tropical regions in Asia Threadlike worms live in the blood and lymph vessels of birds and mammals. They are transmitted by mosquitoes. Cause severe infections Worms block passage of lymph

390 views • 8 slides
Early DoS and Worms Examples of recent worms and DoS attacks Slammer Worm Shaft DoS attack

Early DoS and Worms Examples of recent worms and DoS attacks Slammer Worm Shaft DoS attack

Outline Introduction to worms Potential damage that *could* be caused (theoretical) Early DoS and Worms Examples of recent worms and DoS attacks Slammer Worm Shaft DoS attack Ben Wilde Mstream DoS attack 7 February, 2005

718 views • 14 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 5 Viruses & Worms, Botnets, Todays Threats Viruses & Worms Viruses Program

693 views • 31 slides
Botnets CS 598: Advanced Internet Presented by: Imranul Hoque How to Study Botnets? Passive

Botnets CS 598: Advanced Internet Presented by: Imranul Hoque How to Study Botnets? Passive

Botnets CS 598: Advanced Internet Presented by: Imranul Hoque How to Study Botnets? Passive analysis Study spam e-mail, DNS queries by bot-infected machines, DNS blacklists, analyze network traffic, etc. Infiltration Todays

686 views • 15 slides
NECST laboratory BOTNETS FUNDING ETC. . @syssecproject SysSec Project:

NECST laboratory BOTNETS FUNDING ETC. . @syssecproject SysSec Project:

PHOENIX & CERBERUS We haz botnets! #Honeynet2014 Stefano Schiavoni, Edoardo Colombo Federico Maggi Lorenzo Cavallaro Stefano Zanero Politecnico Di Milano & Royal Hollway, University of London NECST laboratory BOTNETS FUNDING ETC.

1.28k views • 107 slides
The Underground Economy and Ecosystem of SMS Based Cybercrime Denis Maslennikov, Senior Malware

The Underground Economy and Ecosystem of SMS Based Cybercrime Denis Maslennikov, Senior Malware

The Underground Economy and Ecosystem of SMS Based Cybercrime Denis Maslennikov, Senior Malware Analyst, Kaspersky Lab 15.06.2011, 23 rd Annual FIRST Conference, Vienna, Austria Agenda SMS based threats Ransomware SMS Trojans The

1.39k views • 76 slides
BOTNETS GRAD SEC NOV 21 2017 TODAYS PAPERS BOTNETS Collection of compromised machines

BOTNETS GRAD SEC NOV 21 2017 TODAYS PAPERS BOTNETS Collection of compromised machines

BOTNETS GRAD SEC NOV 21 2017 TODAYS PAPERS BOTNETS Collection of compromised machines (bots) under unified control of an attacker (botmaster) Method of compromise decoupled from method of control Launch a worm/virus, etc.:

790 views • 16 slides
Basic e-mail forensics John R. Levine & Neil Schwartzman Underground Economy#13 September

Basic e-mail forensics John R. Levine & Neil Schwartzman Underground Economy#13 September

1 Coalition Against Unsolicited Commercial Email Basic e-mail forensics John R. Levine & Neil Schwartzman Underground Economy#13 September 2013 2 Where is everything? These Slides : http://www.taugh.com/ue13/ Resources :

942 views • 91 slides
Detecting Botnets with Temporal Persistence Jaideep Chandrashekar Frederic

Detecting Botnets with Temporal Persistence Jaideep Chandrashekar Frederic

Detecting Botnets with Temporal Persistence Jaideep Chandrashekar Frederic Giroire Nina Taft Eve Schooler Mascotte project I3S (CNRS, Univ. of Nice) Intel Labs INRIA Sophia Antipolis Botnets: Why care? Botnet

888 views • 46 slides
Botnets: a Growing Threat Increasing awareness, but there is a dearth of hard facts especially

Botnets: a Growing Threat Increasing awareness, but there is a dearth of hard facts especially

Studying Spamming Botnets Using BotLab Arvind Krishnamurthy Joint work with: John John, Alex Moshchuk, Steve Gribble University of Washington Botnets: a Growing Threat Increasing awareness, but there is a dearth of hard facts especially

291 views • 15 slides
Bot BotNets Nets- Cy Cyber ber To Torr rriris irism Battling Battling the the threats

Bot BotNets Nets- Cy Cyber ber To Torr rriris irism Battling Battling the the threats

Bot BotNets Nets- Cy Cyber ber To Torr rriris irism Battling Battling the the threats threats of of interne internet Assoc. Prof. Dr. Sureswaran Ramadass National Advanced IPv6 Center - Director Why Talk About Botnets? Because Bot

379 views • 27 slides
On Instant Messaging Worms, Analysis and Countermeasures Mohammad Mannan School of Computer

On Instant Messaging Worms, Analysis and Countermeasures Mohammad Mannan School of Computer

COMP 4108 Presentation - Sept 20, 2005 On Instant Messaging Worms, Analysis and Countermeasures Mohammad Mannan School of Computer Science Carleton University, Canada Goals of this talk Discuss a few IM worms Analyze well-known

402 views • 26 slides
fka Can of Worms Harrison Community Center June 13, 2016 Purpose To introduce the

fka Can of Worms Harrison Community Center June 13, 2016 Purpose To introduce the

fka Can of Worms Harrison Community Center June 13, 2016 Purpose To introduce the potential Twin Ports Interchange (TPI) project. Jct I-35/I- 535/Hwy 53 fka Can of Worms I-535 at Garfield Avenue Gather community input

225 views • 18 slides
Malware: Worms CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John

Malware: Worms CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John

Malware: Worms CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ April 14, 2010 The Problem of Worms

582 views • 22 slides
Botnets Secret Puppetry With Computers Balaji Prasad T.K ( bpt@email.arizona.edu ) Nupur

Botnets Secret Puppetry With Computers Balaji Prasad T.K ( bpt@email.arizona.edu ) Nupur

Botnets Secret Puppetry With Computers Balaji Prasad T.K ( bpt@email.arizona.edu ) Nupur Maheshwari ( nupurm@email.arizona.edu ) Department of Computer Science University of Arizona April 22, 2012 What are Botnets? 1 Technical Overview 2

895 views • 37 slides
More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS

More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS

More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS 136, Winter 2008 Outline Introduction Viruses Trojan horses Trap doors Logic bombs Worms Botnets Spyware Some

701 views • 53 slides
The four-story, underground Capitol Extension in Austin, Texas for Capitol Building.

The four-story, underground Capitol Extension in Austin, Texas for Capitol Building.

July 26 th , 2017 To: Landmarks Preservation Board From: Ron Taylor/Structural Engineer Re. Answers to the questions: Going underground is not practical or feasible The construction challenges of going underground are not unusual. Many museums

533 views • 6 slides
Spamming Botnets: Signatures and Characteris5cs Xie et al.

Spamming Botnets: Signatures and Characteris5cs Xie et al.

Spamming Botnets: Signatures and Characteris5cs Xie et al. Presented by Kyle Mar5n <kyle.mar5n@knights.ucf.edu> The Problems Botnets The Problems

823 views • 36 slides
Underground Laboratories A rapid expansion of the numbers // explosion of interest in underground

Underground Laboratories A rapid expansion of the numbers // explosion of interest in underground

Bernard Sadoulet Dept. of Physics /LBNL UC Berkeley UC Institute for Nuclear and Particle Astrophysics and Cosmology (INPAC) Underground Laboratories A rapid expansion of the numbers // explosion of interest in underground science Motivations

586 views • 43 slides

More recommend