Botnet:
- It is a different kind of malware that infects end-user
devices, with the objective of adding them to a botnet.
- The infected device starts communicating with a Command and
Control (C&C) center and can perform automated activities under
the attacker’s central control.
- Many threats are built using botnets.
- Botnets can also be used for any other malicious bot activity,
such as spam bots or social bots.
Botnet life-cycle:
The botnet life cycle depends on the purpose for which the botnet
was created. The life cycle of a botnet can be described in the
following stages.
- In the first step, the attacker decides to bypass the network
security.
- In the second step, the botnet controller sends the infected code
over the network.
- In the third step, the attacker launches new botnets one by one.
- In the fourth step, the bots start to spread.
- In the sixth step, the bots attack a victim machine with a DDoS.
Work done through Command and Control in a botnet:
- Distributed denial of service: It is used to send many requests
to the attacked web resource. The aim of a DDoS is to exceed the
website’s capacity to handle multiple requests and prevent the
website from functioning correctly.
- Data leak: The command and control server used by the botnet is
used for stealing, leaking or manipulating data. Sensitive company
data, such as financial documents, can be copied or transferred to
an attacker’s server.
- Reboot: The command and control server of the botnet is used to
make systems fail. An attacker can shut down one or several
machines, or even bring down a company’s network.
Botnet detection techniques:
- Detection of C2s:
One method to detect C2s is breaking down and analyzing the
malware code. Organizations try to disassemble the compiled code,
from which they can sometimes identify the root source of the
botnet's commands.
- Suspicious IPs:
In this technique, suspicious IP addresses are detected.
- Traffic sources:
During a malicious attack, the primary channel sends a series of
requests.
- By identifying the flow of network traffic.
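
The traffic-source and network-flow checks above, as an added example that is not part of the original notes: it flags sources that send a burst of requests and, going slightly beyond the text, host pairs that connect at a fixed interval, as a bot polling its C&C center often does. The flow records, addresses, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (timestamp_seconds, source_ip, destination_ip).
# Addresses come from documentation/private ranges; they are not real indicators.
def sample_flows():
    # 10.0.0.5 contacts the same external address every 60 s (beacon-like).
    flows = [(float(t), "10.0.0.5", "203.0.113.10") for t in range(0, 600, 60)]
    # 10.0.0.7 browses at irregular times.
    flows += [(float(t), "10.0.0.7", "198.51.100.20") for t in (3, 41, 47, 190, 350, 355, 580)]
    # 192.0.2.99 sends 200 requests to the web server within 10 s.
    flows += [(300 + i * 0.05, "192.0.2.99", "10.0.0.80") for i in range(200)]
    return flows

def request_bursts(flows, window=10.0, threshold=100):
    """Sources sending more than `threshold` flows within any `window` seconds."""
    by_src = defaultdict(list)
    for ts, src, _dst in flows:
        by_src[src].append(ts)
    flagged = set()
    for src, times in by_src.items():
        times.sort()
        start = 0  # left edge of the sliding window
        for end, ts in enumerate(times):
            while ts - times[start] > window:
                start += 1
            if end - start + 1 > threshold:
                flagged.add(src)
                break
    return flagged

def periodic_pairs(flows, min_flows=6, max_jitter=0.1):
    """(src, dst) pairs whose gaps between connections are nearly constant."""
    by_pair = defaultdict(list)
    for ts, src, dst in flows:
        by_pair[(src, dst)].append(ts)
    flagged = set()
    for pair, times in by_pair.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Low stdev/mean means regular check-ins; avg >= 1 s skips request floods.
        if avg >= 1.0 and pstdev(gaps) / avg <= max_jitter:
            flagged.add(pair)
    return flagged
```

Both functions return sets, so their output can be joined with a list of suspicious IP addresses before an analyst reviews the hits.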