On botnets that use DNS for command and control
On botnets that use DNS for command and control | |
---|---|
Botnet | Feederbot, Agobot, Koobface, Rbot, Sality, Sdbot, Swizzor, Virut, Zbot |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2011 / |
Editor/Conference | Institute for Internet Security University of Applied Sciences Gelsenkirchen Gelsenkirchen, Germany |
Link | http://www.cj2s.de/On-Botnets-that-use-DNS-for-Command-and-Control.pdf (Archive copy) |
Author | Christian J. Dietrich, Christian Rossow, Felix C. Freiling, Herbert Bos, Maarten van Steen, Norbert Pohlmann |
Type |
Abstract
“We discovered and reverse engineered Feederbot, a botnet that uses DNS as carrier for its command and control. Using k-Means clustering and a Euclidean Distance based classifier, we correctly classified more than 14m DNS transactions of 42,143 malware samples concerning DNS-C&C usage, revealing another bot family with DNS C&C. In addition, we correctly detected DNS C&C in mixed office workstation network traffic.”
Bibtex
@misc{2011BFR920,
  editor = {Institute for Internet Security University of Applied Sciences Gelsenkirchen Gelsenkirchen, Germany},
  author = {Christian J. Dietrich and Christian Rossow and Felix C. Freiling and Herbert Bos and Maarten van Steen and Norbert Pohlmann},
  title = {On botnets that use DNS for command and control},
  date = {25},
  month = Apr,
  year = {2011},
  howpublished = {\url{http://www.cj2s.de/On-Botnets-that-use-DNS-for-Command-and-Control.pdf}},
}