On botnets that use DNS for command and control
On botnets that use DNS for command and control | |
---|---|
Botnet | Feederbot, Agobot, Koobface, Rbot, Sality, Sdbot, Swizzor, Virut, Zbot |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2011 / |
Editor/Conference | Institute for Internet Security University of Applied Sciences Gelsenkirchen Gelsenkirchen, Germany |
Link | http://www.cj2s.de/On-Botnets-that-use-DNS-for-Command-and-Control.pdf (Archive copy) |
Author | Christian J. Dietrich, Christian Rossow, Felix C. Freiling, Herbert Bos, Maarten van Steen, Norbert Pohlmann |
Type | |
Abstract
“We discovered and reverse engineered Feederbot, a botnet that uses DNS as carrier for its command and control. Using k-Means clustering and a Euclidean Distance based classifier, we correctly classified more than 14m DNS transactions of 42,143 malware samples concerning DNS-C&C usage, revealing another bot family with DNS C&C. In addition, we correctly detected DNS C&C in mixed office workstation network traffic.”
Bibtex
@misc{2011BFR920,
  editor = {Institute for Internet Security University of Applied Sciences Gelsenkirchen Gelsenkirchen, Germany},
  author = {Christian J. Dietrich and Christian Rossow and Felix C. Freiling and Herbert Bos and Maarten van Steen and Norbert Pohlmann},
  title = {On botnets that use DNS for command and control},
  date = {20},
  month = Sep,
  year = {2011},
  howpublished = {\url{http://www.cj2s.de/On-Botnets-that-use-DNS-for-Command-and-Control.pdf}},
}