Botnet Analytics Blog

Blogging the Science of Botnet Analysis

Extra large Large Normal

About
BotnetAnalytics.com is a botnet research portal that is purely intended for analyzing, sharing ideas, views and results. This portal would be releasing in the near future. Until then, this blog would be discussing on the status of BotnetAnalytics.com and the steps we are taking to build it, to become a complete site. You are most welcome to contact us, comment of existing stuff which includes both good and bad, volunteer for projects that exist or something new. Feel free to contact us at any point of time @ contact.fingers ({at}) gmail.com.

Automating Analysis of Large-Scale Botnet Probing Events

April 12th, 2010

When looking for automating botnet analysis I found this great paper “Automating Analysis of Large-Scale Botnet Probing Events”. This paper is from ASIACCS’09 March 10-12, 2009, Sydney, NSW, Australia. You can download it from : http://www.icir.org/vern/papers/probing-analy.ccs09.pdf

Abstract [Copied and pasted from the above link]:

Botnets dominate today’s attack landscape. In this work we investigate ways to analyze collections of malicious probing trafic inorder to understand the signifcance of large-scale “botnet probes”. In such events, an entire collection of remote hosts together probes the address space monitored by a sensor in some sort of coordinated fashion. Our goal is to develop methodologies by which sites receiving such probes can infer-using purely local observation-information about the probing activity: What scanning strategies does the probing employ? Is this an attack that specifcally targets the site, or is the site only incidentally probed as part of a larger, indiscriminant attack?
Our analysis draws upon extensive honeynet data to explore the prevalence of different types of scanning, including properties such as trend, uniformity, coordination, and darknet avoidance. In addition, we design schemes to extrapolate the global properties of scanning events (e.g., total population and target scope) as inferred from the limited local view of a honeynet. Cross-validating with data from DShield shows that our inferences exhibit promising accuracy.

Really nice read for someone who wants to understand more about automation part of analysis of large scale botnet events. This is something towards which most of the Security Operation Centers (SOCs) are moving towards to provide a cost effective solution, instead of outsourcing the services completely. We hope that you enjoy reading the paper. Thank you for choosing Botnet Analytics!

Posted in Uncategorized

Leave a Reply

EvilFingers Blog
- State of the art in CRiMEPACK Exploit Pack May 27, 2010
  CRiMEPACK exploit pack is a widespread and accepted in the crime scene in this area came under the slogan “Highest Lowest rates for the price“. He is currently In-the-Wild 3.0 version is being developed as alpha (the first of this version). That’s, is in the middle stage of evaluation, perhaps in the […]
- BlackHat SEO Campaign for the thirtieth anniversary of PAC-MAN May 24, 2010
  Recently, the legendary video game PAC-MAN has completed 30 years of existence and Google has launched a campaign in his honor by placing a banner that allows even play. However, Google not only benefits from this but also cyber-criminals, who saw in this campaign a new opportunity to attack and have launched […]
- Announcement: New Media Partner – CONFidence April 25, 2010
  We are happy to announce our partnership with CONFidence, one of the leading conferences in the InfoSec community. They are conducting their 7th Conference next month. Check it out at: http://2010.confidence.org.pl/ We encourage all our users to attend CONFidence, and if you do please do contact us to receive 10% discount on the conference registration. Read […]
- SPAM looks so real March 17, 2010
  Just received an email for Wordpress blog of a comment to our Botnet Analytics Blog post, that looks so real: To: contact.fingers@gmail.com Subject: [Botnet Analytics Blog] Please moderate: “Commercializing Botnets” X-PHP-Script: botnet.kaffenews.com/wp-comments-post.php for xxxxxxx Date: Wed, 17 Mar 2010 10:01:00 -0400 From: xxxxxx Message-ID: X-Priority: 3 […]
- IRS Scam Campaign on proposal by Zeus February 20, 2010
  In the last hours has launched a new campaign as an excuse ZeuS a scam using the IRS (Internal Revenue Service) by which propagates its trojan. ZeuS trojan variant in this case has the MD5 14FBCE4A3F67E46B18308AC6824B2A00 under the name tax-statement.exe, whose detection rate is high. In addition, the person entering this page, in a transparent manner will […]

Archive
Calendar
September 2010

M T W T F S S

« Aug

1 2 3 4 5

6 7 8 9 10 11 12

13 14 15 16 17 18 19

20 21 22 23 24 25 26

27 28 29 30
Blogroll
Rootkit Analytics
- Update on Next Version of SpyDLLRemover August 16, 2010
  Here is the brief update on upcoming release of SpyDLLRemover. Most of the major work highlighted in our previous blog post has been completed and only some final art work is left out. Below is the fresh glimpse of new banner which is going to replace old one. Just being the old, other reason for change […]
- Releasing Soon: New Version of SpyDLLRemover August 2, 2010
  We are vigorously working on next major version of SpyDLLRemover which will bring out the best changes that our users have been looking for since the beginning. We have received lot of feedbacks directly as well as through various forums mentioning about improvements in SpyDLLRemover. One of the most asked enhancement was the ‘Re-sizable Window feature’ [... […]
- Rootkit Analytics – The New Look June 28, 2010
  Rootkit Analytics has the new look and feel and not just that, we are now working on more stuff that would make it user friendly. We aren’t going to list each minute tweak, but there is a lot more to come. Hence, we would complete it all and keep you posted on any major update. […]
- StreamArmor – New Tool to Scan & Sweep Malicious Streams March 27, 2010
  StreamArmor (previously HiddenADSExplorer) is the sophisticated tool for discovering hidden alternate data streams (ADS) as well as clean them completely from the system. It’s advanced auto analysis coupled with online threat verification mechanism makes it the best tool available in the market for eradicating the evil streams. It comes with fast multi threa […]
- Now Post Your Rootkit Queries on SpywareAnalytics Forum March 23, 2010
  Spyware Analytics Forum, the division of EvilFingers empire is released to public now. The main aim of this forum is to provide an interface for home & enterprise users to interact with security professionals. Most users do not really get a chance to directly interact with professionals who can really solve their issues. Spyware Analytics is […]
Meta
Tags

book keeping

Recent