Title
Beheading hydras: performing effective botnet takedowns
Abstract
Devices infected with malicious software typically form botnet armies under the influence of one or more command and control (C&C) servers. The botnet problem has reached such a level that federal law enforcement agencies have had to step in and take action against botnets by disrupting (or "taking down") their C&Cs, and thus their illicit operations. Lately, more and more private companies have started to independently take action against botnet armies, primarily focusing on their DNS-based C&Cs. While well-intentioned, their C&C takedown methodology is in most cases ad hoc, and limited by the breadth of knowledge available about the malware that facilitates the botnet. With this paper, we aim to bring order, measure, and reason to the botnet takedown problem. We propose a takedown analysis and recommendation system, called rza, that allows researchers to perform two tasks: 1) a postmortem analysis of past botnet takedowns, and 2) the generation of recommendations on how to successfully execute future botnet takedowns. As part of our system evaluation, we perform a postmortem analysis of the recent Kelihos, Zeus and 3322.org takedowns. We show that while some of these takedowns were effective, others did not appear to have a significant long-term impact on the targeted botnet. In addition to the postmortem analysis, we provide takedown recommendation metrics for 45 currently active botnets, where we find that 42 of them can likely be disabled entirely by using a DNS-based takedown strategy only.
Year: 2013
DOI: 10.1145/2508859.2516749
Venue: ACM Conference on Computer and Communications Security
Keywords: C&C takedown methodology, takedown analysis, beheading hydra, DNS-based takedown strategy, future botnet takedowns, botnet takedown problem, botnet problem, targeted botnet, past botnet takedowns, botnet army, postmortem analysis, effective botnet takedowns
Field: Cutwail botnet, Internet privacy, Rustock botnet, Computer science, Command and control, Computer security, Srizbi botnet, Botnet, Server, Malware, Mariposa botnet
DocType: Conference
Citations: 21
PageRank: 0.86
References: 4
Authors: 5

Order  Name                Citations  PageRank
1      Yacin Nadji           322       15.31
2      Manos Antonakakis     702       36.70
3      Roberto Perdisci     2137       97.99
4      David Dagon          1635      131.25
5      Wenke Lee            9351      628.83