Question

A BOTNET is a collection or a network of infectious ‘bots’ i.e. machines. Botnets have become a platform for the infection to the Internet. In this context, elucidate in detail about the Botnet life cycle Diagram and identify the role played by command and control server in the Botnet life cycle. Do any techniques exist to detect Botnets? If yes, exemplify. Cite your sources

Answer 1

Botnet:

• It is a difrrerent kind of malware that infect end-user devices, with the objective of a botnet.
• Starts communicating with a Command and Control (C&C) center and can perform automated activities under the attacker’s central control.
• Many threats are build by using botnet.
• Botnets can also be used for any other malicious bot activity, such as spam bots or social bots.

Botnet life-cycle:

Botnet life cycle depends on the purpose of creation of the botnet. The lifecycle of a botnet can be defined in the following stages.

• In first step attacker decides to bypass the network securities.
• In second step ,The botnet controller send the infected code over the network.
• In thired step ,attacker launches one by one new botnet's.
• In fourth step the bot's are start to spread.
• In six step,bot's attack a victim machine by DDOS.

Work which is done by Command and Control in botnet are:

• Distributed denial of service:It is used to send many request to attacked web source.The aim of DDoS is to exceeding the website’s capacity to handle multiple request, and prevent the website from functioning correctly.
• Data leaked: By the command and control server which is used by botnet is used for data theafting or leaking or manipulating.Sensitive company data, such as financial documents, can be copied or transferred to an attacker’s server.
• Reboot: Commond and control sevre by botnet are used for fail the system. An attacker can shut down one or several machines, or even bring down a company’s network.

Botnet detection techniques:

• Detection of C2's: One method is to detect C2s is breaking down and analyzing the malware code. Organizations try to disassemble the compiled code, from which they can sometimes identify the root source of the botnet's commands.
• Suspicious IP's: In this we can detect the supicious IP address.
• Traffic sources: During a malicious attack, the primary channel sending a series of request.
• By identify the flow of network.