NDLI: Your Botnet is My Botnet: Analysis of a Botnet Takeover (2009)

Please wait, while we are loading the content...

Your Botnet is My Botnet: Analysis of a Botnet Takeover (2009)

Content Provider	CiteSeerX
Author	Cavallaro, Lorenzo Szydlowski, Martin Cova, Marco Stone-Gross, Brett Gilbert, Bob Kruegel, Chris Vigna, Giovanni Kemmerer, Richard
Abstract	Botnets, networks of malware-infected machines that are controlled by an adversary, are the root cause of a large number of security threats on the Internet. A particularly sophisticated and insidious type of bot is Torpig, a malware program that is designed to har-vest sensitive information (such as bank account and credit card data) from its victims. In this paper, we report on our efforts to take control of the Torpig botnet for ten days. Over this period, we observed more than 180 thousand infections and recorded more than 70 GB of data that the bots collected. While botnets have been “hijacked ” before, the Torpig botnet exhibits certain properties that make the analysis of the data particularly interesting. First, it is pos-sible (with reasonable accuracy) to identify unique bot infections and relate that number to the more than 1.2 million IP addresses that contacted our command and control server. This shows that botnet estimates that are based on IP addresses are likely to report inflated numbers. Second, the Torpig botnet is large, targets a vari-ety of applications, and gathers a rich and diverse set of information from the infected victims. This opens the possibility to perform in-teresting data analysis that goes well beyond simply counting the number of stolen credit cards. 1.
File Format	PDF
Publisher Date	2009-01-01
Access Restriction	Open
Subject Keyword	Infected Victim Inflated Number Bank Account Insidious Type Reasonable Accuracy Unique Bot Infection Malware-infected Machine Credit Card Data Malware Program Botnet Estimate Control Server Thousand Infection In-teresting Data Analysis Ten Day Torpig Botnet Exhibit Certain Property Torpig Botnet Botnet Takeover
Content Type	Text

Central Library (ISO-9001:2015 Certified)
Indian Institute of Technology Kharagpur
Kharagpur, West Bengal, India | PIN - 721302

See location in the Map
03222 282435
Mail: support@ndl.gov.in

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in