Difference between revisions of "On botnets that use DNS for command and control"
m (1 revision imported) |
m (Text replacement - "Feedorbot" to "Feederbot") |
||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
{{Publication | {{Publication | ||
|Image=On-Botnets-that-use-DNS-for-Command-and-Control.png | |Image=On-Botnets-that-use-DNS-for-Command-and-Control.png | ||
| | |Botnet=Feederbot, Agobot, Koobface, Rbot, Sality, Sdbot, Swizzor, Virut, Zbot, | ||
|Malware=, | |||
|CCProtocol=, | |||
|Operation=, | |||
|Year=2011 | |||
|Editor=Institute for Internet Security University of Applied Sciences Gelsenkirchen Gelsenkirchen, Germany | |||
|Link=http://www.cj2s.de/On-Botnets-that-use-DNS-for-Command-and-Control.pdf | |||
|Author=Christian J. Dietrich, Christian Rossow, Felix C. Freiling, Herbert Bos, Maarten van Steen, Norbert Pohlmann, | |||
|Abstract=We discovered and reverse engineered Feederbot, a botnet that uses DNS as carrier for its command and control. Using k-Means clustering and a Euclidean Distance based classifier, we correctly classified more than 14m DNS transactions of 42,143 malware samples concerning DNS-C&C usage, revealing another bot family with DNS C&C. In addition, we correctly detected DNS C&C in mixed office workstation network traffic. | |||
|Document= | |Document= | ||
|Licence= | |Licence= | ||
|Video= | |Video= | ||
|NomRevue= | |NomRevue= | ||
|ISBN= | |ISBN= | ||
|Page= | |Page= | ||
|Keyword=, | |||
|Keyword=, | |||
}} | }} |
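Review bot: `|Keyword=,` appears twice at the end of the template, and like `|Malware=,`, `|CCProtocol=,` and `|Operation=,` it holds only a comma. Drop the duplicate line and leave the unused parameters truly empty. Since the abstract describes DNS as the carrier for command and control, `|CCProtocol=` is the field worth filling if the wiki has a matching value. The `|Botnet=` list also ends in a trailing comma after `Zbot`.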
Latest revision as of 14:14, 31 July 2015
On botnets that use DNS for command and control | |
---|---|
Botnet | Feederbot, Agobot, Koobface, Rbot, Sality, Sdbot, Swizzor, Virut, Zbot |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2011 / |
Editor/Conference | Institute for Internet Security University of Applied Sciences Gelsenkirchen Gelsenkirchen, Germany |
Link | http://www.cj2s.de/On-Botnets-that-use-DNS-for-Command-and-Control.pdf (Archive copy) |
Author | Christian J. Dietrich, Christian Rossow, Felix C. Freiling, Herbert Bos, Maarten van Steen, Norbert Pohlmann |
Type |
Abstract
“We discovered and reverse engineered Feederbot, a botnet that uses DNS as carrier for its command and control. Using k-Means clustering and a Euclidean Distance based classifier, we correctly classified more than 14m DNS transactions of 42,143 malware samples concerning DNS-C&C usage, revealing another bot family with DNS C&C. In addition, we correctly detected DNS C&C in mixed office workstation network traffic.”
Bibtex
@misc{2011BFR920,
  editor = {Institute for Internet Security University of Applied Sciences Gelsenkirchen Gelsenkirchen, Germany},
  author = {Christian J. Dietrich and Christian Rossow and Felix C. Freiling and Herbert Bos and Maarten van Steen and Norbert Pohlmann},
  title = {On botnets that use DNS for command and control},
  date = {02},
  month = May,
  year = {2011},
  howpublished = {\url{http://www.cj2s.de/On-Botnets-that-use-DNS-for-Command-and-Control.pdf}},
}