A case study on Storm worm

From Botnets.fr


A case study on Storm worm
Botnet: Storm
C&C protocol: HTTP, P2P
Date: 2008 / 9 April 2008
Editor/Conference: Usenix
Link: http://static.usenix.org/event/leet08/tech/full_papers/holz/holz_html/
Author: Thorsten Holz, Moritz Steiner, Frederic Dahl, Ernst Biersack, Felix Freiling

Abstract

Botnets, i.e., networks of compromised machines under a common control infrastructure, are commonly controlled by an attacker with the help of a central server: all compromised machines connect to the central server and wait for commands.

However, the first botnets that use peer-to-peer (P2P) networks for remote control of the compromised machines have recently appeared in the wild. In this paper, we introduce a methodology to analyze and mitigate P2P botnets. In a case study, we examine in detail the Storm Worm botnet, the most widespread P2P botnet currently propagating in the wild. We were able to infiltrate the botnet and analyze it in depth, which allows us to estimate the total number of compromised machines. Furthermore, we present two different ways to disrupt the communication channel between controller and compromised machines in order to mitigate the botnet, and we evaluate the effectiveness of these mechanisms.

Bibtex

 @misc{Holtz2008BFR893,
   editor = {Usenix},
   author = {Holz, Thorsten and Steiner, Moritz and Dahl, Frederic and Biersack, Ernst and Freiling, Felix},
   title = {A case study on Storm worm},
   month = apr,
   year = {2008},
   howpublished = {\url{http://static.usenix.org/event/leet08/tech/full_papers/holz/holz_html/}},
 }