Detecting Botnet Membership

Published on April 21, 2007 in Network Security, Spam and Viruses. 0 Comments

More and more often we hear about botnets being responsible for a larger piece of Internet crime today. Botnets are complex systems and there are many different approaches to combating the problem. I decided to take a look at some of the more recent techniques to discover bot malware infection from network traffic. I came across two particularly interesting methods of identifying infected machines. One is to look at the most often used command and control technique – IRC channels – and try to determine ‘evil’ channels which provide commands for zombie machines. Another idea is to look for DNS Black List lookups, which may be performed by bots to test that an IP address is not listed before using it to send spam. Attached is a short presentation I gave for the ISIS computer lab.

Botnet Membership Detection within the Network

  • Digg
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • E-mail this story to a friend!
  • LinkedIn
  • Print this article!
  • Reddit
  • Slashdot
  • StumbleUpon
  • Technorati
  • TwitThis
This work, unless otherwise expressly stated, is licensed under a Creative Commons Attribution 3.0 United States License.

0 Response to “Detecting Botnet Membership”

Feed for this Entry Trackback Address
  • No Comments

Leave a Reply