A Large-Scale Empirical Study of Conficker

Shin, Seungwon; Gu, Guofei; Reddy, Narasimha; Lee, Christopher P.

doi:10.1109/tifs.2011.2173486

Cited by 50 publications

(37 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We also list the AS name and home country extracted from whois data. Similar to the Conficker [55] and Mega-D [4] botnets, we see a dominant AS at the top of the list (TTNet), which alone accounts for over 10% all participating bots, followed by a long tail of small ASes. However, although the scale of the leading ASes may resemble other botnets, the networks featured in the top 10 are quite different (Table 4).…”

Section: Botnet Characteristicsmentioning

confidence: 51%

See 1 more Smart Citation

Analysis of a "/0" stealth scan from a botnet

Dainotti

King

claffy

et al. 2012

Proceedings of the 2012 Internet Measurement Conference

View full text Add to dashboard Cite

Botnets are the most common vehicle of cyber-criminal activity. They are used for spamming, phishing, denial of service attacks, brute-force cracking, stealing private information, and cyber warfare. Botnets carry out network scans for several reasons, including searching for vulnerable machines to infect and recruit into the botnet, probing networks for enumeration or penetration, etc. We present the measurement and analysis of a horizontal scan of the entire IPv4 address space conducted by the Sality botnet in February of last year. This 12-day scan originated from approximately 3 million distinct IP addresses, and used a heavily coordinated and unusually covert scanning strategy to try to discover and compromise VoIP-related (SIP server) infrastructure. We observed this event through the UCSD Network Telescope, a /8 darknet continuously receiving large amounts of unsolicited traffic, and we correlate this traffic data with other public sources of data to validate our inferences. Sality is one of the largest botnets ever identified by researchers, its behavior represents ominous advances in the evolution of modern malware: the use of more sophisticated stealth scanning strategies by millions of coordinated bots, targeting critical voice communications infrastructure. This work offers a detailed dissection of the botnet's scanning behavior, including general methods to correlate, visualize, and extrapolate botnet behavior across the global Internet.

show abstract

Section: Botnet Characteristicsmentioning

confidence: 51%

“…To this end, we determine the Autonomous System Number (ASN) for each bot using a Routeviews BGP routing snapshot [60] [55], the Mega-D botnet as reported by [4,55], and the Sality (sipscan) botnet. We observe a trend toward Eastern European countries which have not featured as prominently in previous botnets.…”

Section: Botnet Characteristicsmentioning

confidence: 99%

Analysis of a "/0" stealth scan from a botnet

Dainotti

King

claffy

et al. 2012

Proceedings of the 2012 Internet Measurement Conference

View full text Add to dashboard Cite

show abstract

“…Conficker [13], [14] is a computer worm and also a botnet discovered in November 2008. It has up to five variants and it mainly exploits vulnerability in the NetBIOS server service on Windows computers.…”

Section: A Stealthy and Slow-paced Attackmentioning

confidence: 99%

Slow-Paced Persistent Network Attacks Analysis and Detection Using Spectrum Analysis

Chen

Hsiao

Chen

et al. 2016

IEEE Systems Journal

View full text Add to dashboard Cite

Abstract-A slow-paced persistent attack, such as slow worm or bot, can bewilder the detection system by slowing down their attack. Detecting such attacks based on traditional anomaly detection techniques may yield high false alarm rates. In this paper, we frame our problem as detecting slow-paced persistent attacks from a time series obtained from network trace. We focus on time series spectrum analysis to identify peculiar spectral patterns that may represent the occurrence of a persistent activity in the time domain. We propose a method to adaptively detect slow-paced persistent attacks in a time series and evaluate the proposed method by conducting experiments using both synthesized traffic and real-world traffic. The results show that the proposed method is capable of detecting slow-paced persistent attacks even in a noisy environment mixed with legitimate traffic.

show abstract

“…The network can be a host based internal network or just some computers that share information via USB drives. Vulnerable computers can be infected with 2 types of malware -known malware and so-called 0-Day malware [4][6] [8]. The distinction here is that Anti-Virus companies have signatures for known malware.…”

Section: Onto Malwarementioning

confidence: 99%

“…Specially crafted exploit code have been developed using python code & shell code for the purpose of proof of concept to exploit the existing vulnerability of buffer overflow inside the application. Propagation of the infected/malicious word document have been done using conventional methods through email [4][6], hyper link creation and luring the victims to download the file, spreading and posting the links over social media .…”

Section: ) Microsoft Word Document 2007-buffer Overflow Vulnerabilitmentioning

confidence: 99%

Pervasive Malware Propagation Mechanism and Mitigation Techniques

Kumar¹,

Kulkarni²

2015

IJCA

View full text Add to dashboard Cite

Malwares i.e. malicious code/softwares poses prevalent threat to businesses and network across distributed systems. Like it is said in order to catch criminals, we have to think like a criminal, likewise in order to catch cyber criminals/terrorists, we have to think like a cyber-criminal. Malware campaigns have been the driving engines for cyber-warfare being used by cyber criminals & black hat hackers to target organizations, various governments, and financial institutions for leverage & selfish profits, since early decade. In the recent trends of past years, the sophistication of malware campaigns have grown more complex to perform targeted successful attacks and bypass the prevailing & evolving defense mechanisms out there. Our approach is motivated by the factor that malwares breed on the vulnerability of the software applications running across the web. Idea behind pervasive malware propagation mechanism is to provide insight towards various exploitable scenarios based on vulnerabilities and software coding flaws in the software system, its architecture and over the network. Understanding the control flow structure of malware propagation into the system & over the network provides greater insight into how vulnerabilities are being exploited , how target surface identification is being carried out by the attackers, how exactly the exploits are being delivered using the payloads & what mechanism is being used to maintain the access to the exploited victim over the network. Eventually some suggestions as precautionary mitigation mechanisms to stop the malware propagation.

show abstract

A Large-Scale Empirical Study of Conficker

Cited by 50 publications

References 10 publications

Analysis of a "/0" stealth scan from a botnet

Analysis of a "/0" stealth scan from a botnet

Slow-Paced Persistent Network Attacks Analysis and Detection Using Spectrum Analysis

Pervasive Malware Propagation Mechanism and Mitigation Techniques

Contact Info

Product

Resources

About