Detecting Botnet Membership

Published
by
Brad Schonhorst
on April 21, 2007
in Network Security, Spam and Viruses
.

More and more often we hear about botnets being responsible for a larger piece of Internet crime today. Botnets are complex systems and there are many different approaches to combating the problem. I decided to take a look at some of the more recent techniques to discover bot malware infection from network traffic. I came across two particularly interesting methods of identifying infected machines. One is to look at the most often used command and control technique - IRC channels - and try to determine ‘evil’ channels which provide commands for zombie machines. Another idea is to look for DNS Black List lookups, which may be performed by bots to test that an IP address is not listed before using it to send spam. Attached is a short presentation I gave for the ISIS computer lab.

Botnet Membership Detection within the Network

  • Digg
  • del.icio.us
  • NewsVine
  • Reddit
  • Slashdot
  • StumbleUpon
  • Technorati
  • YahooMyWeb
  • Facebook
  • Google
  • Pownce
  • TwitThis
  • E-mail this story to a friend!
This work, unless otherwise expressly stated, is licensed under a Creative Commons Attribution 3.0 License.

0 Responses to “Detecting Botnet Membership”

Feed for this Entry Trackback Address
  1. No Comments

Leave a Reply