Case study of the Miner botnet

From Botnets.fr
Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Case study of the Miner botnet
Botnet
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / 2012-06-05
Editor/Conference 4th International Conference on Cyber Con ict
Link https://ccdcoe.org/sites/default/files/multimedia/pdf/5 7 PlohmannGerhards-Padilla ACaseStudyOnTheMinerBotnet.pdf (Archive copy)
Author Daniel Plohmann, Elmar Gerhards-Padilla
Type Conference paper or presentation

Abstract

Malware and botnets are one of the most serious threats to today’s Internet security.

In this paper, we characterise the so-called “Miner Botnet”. It received major media attention after massive distributed denial of service attacks against a wide range of German and Russian websites, mainly during August and September 2011. We use our insights on this botnet to outline current botnet-related money-making concepts and to show that multiple activities of this botnet are actually centred on the virtual anonymised currency Bitcoin, thus justifying the name. Furthermore, we provide a binary-level analysis of the malware’s design and components to illustrate the modularity of the previously mentioned concepts. We give an overview of the structure of the command-and-control protocol as well as of the botnet’s architecture. Both centralised as well as distributed infrastructure aspects realised through peer-to-peer are present to run the botnet, the latter for increasing its resiliency. Finally, we provide the results of our ongoing tracking efforts that started in September 2011, focusing on the development of the botnet’s size and geographic distribution. In addition we point out the challenge that is generally connected with size measurements of botnets due to the reachability of individual nodes and the persistence of IP addresses over time.

Bibtex

 @misc{Plohmann2012BFR4665,
   editor = {4th International Conference on Cyber Con􀃀 ict},
   author = {Daniel Plohmann, Elmar Gerhards-Padilla},
   title = {Case study of the Miner botnet},
   date = {05},
   month = Jun,
   year = {2012},
   howpublished = {\url{https://ccdcoe.org/sites/default/files/multimedia/pdf/5_7_PlohmannGerhards-Padilla_ACaseStudyOnTheMinerBotnet.pdf}},
 }