Measuring and detecting Fast-Flux service networks

From Botnets.fr
Jump to navigation Jump to search

(Publication) Google search: [1]

Measuring and detecting Fast-Flux service networks
Botnet Storm
Malware Storm Worm
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2008 /
Editor/Conference University of Mannheim & Fraunhofer FIRST
Link http://pi1.informatik.uni-mannheim.de/filepool/publications/fast-flux-ndss08.pdf uni-mannheim.de (pdf) (uni-mannheim.de (pdf) Archive copy)
Author Thorsten Holz, Christian Gorecki, Konrad Rieck, Felix C. Freiling
Type

Abstract

We present the first empirical study of fast-flux service networks (FFSNs), a newly emerging and still not widelyknown phenomenon in the Internet. FFSNs employ DNS to establish a proxy network on compromised machines through which illegal online services can be hosted with very high availability. Through our measurements we show that the threat which FFSNs pose is significant: FFSNs occur on a worldwide scale and already host a substantial percentage of online scams. Based on analysis of the principles of FFSNs, we develop a metric with which FFSNs can be effectively detected. Considering our detection technique we also discuss possible mitigation strategies.

Bibtex

 @misc{Holz2008BFR903,
   editor = {University of Mannheim & Fraunhofer FIRST},
   author = {Thorsten Holz, Christian Gorecki, Konrad Rieck, Felix C. Freiling},
   title = {Measuring and detecting Fast-Flux service networks},
   date = {28},
   month = Nov,
   year = {2008},
   howpublished = {\url{http://pi1.informatik.uni-mannheim.de/filepool/publications/fast-flux-ndss08.pdf  uni-mannheim.de (pdf)}},
 }