Embedded Malware - An Analysis of the Chuck Norris Botnet

Čeleda, Pavel; Krejčí, Radek; Vykopal, Jan; Drašar, Martin

doi:10.1109/ec2nd.2010.15

Cited by 18 publications

(9 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Forensic analysis of devices infected by Mirai botnet is provided by Zhang et al [98]. Other botnet studies include analysis on Chuck Norris botnet byČeleda et al [99], [100], Dofloo/Spike botnet by Bohio et al [101], Psyb0t analysis by Durfina et al [102], and Baume et al [103]. IoT security-specific survey was presented by Pajouh et al [104], intrusion detection system specific IoT review was provided by Khraisat et al [105], DDoS attack mitigating intrusion detection systems are surveyed by Mishra et al in [106].…”

Section: Related Workmentioning

confidence: 99%

A Survey on Cross-Architectural IoT Malware Threat Hunting

et al. 2021

View full text Add to dashboard Cite

In recent years, the increase in non-Windows malware threats had turned the focus of the cybersecurity community. Research works on hunting Windows PE-based malwares are maturing, whereas the developments on Linux malware threat hunting are relatively scarce. With the advent of the Internet of Things (IoT) era, smart devices that are getting integrated into human life have become a hackers' highway for their malicious activities. The IoT devices employ various Unix-based architectures that follow ELF (Executable and Linkable Format) as their standard binary file specification. This study aims at providing a comprehensive survey on the latest developments in cross-architectural IoT malware detection and classification approaches. Aided by a modern taxonomy, we discuss the feature representations, feature extraction techniques, and machine learning models employed in the surveyed works. We further provide more insights on the practical challenges involved in cross-architectural IoT malware threat hunting and discuss various avenues to instill potential future research.

show abstract

Section: Related Workmentioning

confidence: 99%

A Survey on Cross-Architectural IoT Malware Threat Hunting

et al. 2021

View full text Add to dashboard Cite

show abstract

“…is based on the prevalent threat of end-users not updating their firmware. This may result in the device being susceptible to emergent malware specimens which exploit the vulnerabilities of the operating system (Baume, 2009;Čeleda, et al, 2010). End-users may continue utilizing the default firmware on the ADSL router that was present when the device was purchased.…”

Section: Adsl Router Investigationmentioning

confidence: 99%

“…However, the ADSL router's non-volatile storage contains account authentication credentials, preconfigured data for accessing remote network services and security settings. In addition had the device been compromised through malware specimens inclusive of psyb0t or the Chuck Norris Botnet (Bridges, 2008;Symantec, 2009) this would result in static changes to the configuration data which will remain present in nonvolatile storage when the device is powered down (Čeleda, Krejčí, Vykopal, & Drašar, 2010).…”

Section: Introductionmentioning

confidence: 99%

Analysis of Data Remaining on Second Hand ADSL Routers

Szewczyk

2011

JDFSL

View full text Add to dashboard Cite

In theory, an ADSL router can provide an additional layer of security to a wired and wireless network through; access control, wireless encryption, firewall rule sets, and network event logging. An ADSL router may also contain the users' usage habits and broadband account credentials. However, end-users may be unaware of the intricacies of the security measures available and the potentially confidential information stored on their device. As a result a second hand ADSL router may contain a wealth of user-specific information if not wiped and disposed of in a secure manner. This paper shows the data that was acquired from a selection of second hand ADSL routers purchased during the first quarter of 2011. From the data acquired and analysed, individuals are not removing their personally identifiable information and are leaving confidential data which may lead to detrimental outcomes if misused. The paper also shows that end-user applied security on these devices was alarmingly low. Thus many consumers may fall victim to new and emergent Internet based crimes if the full security capabilities of their ADSL router are not applied.

show abstract

“…Ongoing presence of the Chuck Norris botnet was documented by Marco van Berkum [8] in November 2010. Description of this improved version can be found in [9]. The life cycle of the Chuck Norris botnet can be divided into the four parts as shown in Figure 1.…”

Section: Modem Malwarementioning

confidence: 99%

“…The Chuck Norris botnet [7] got its nickname from a comment in its source code [R]anger Killato : in nome di Chuck Norris !. The botnet was disclosed in February 2010 and the activity of the botnet's C&C centres was suspended on 22 February 2010.…”

Section: Modem Malwarementioning

confidence: 99%

Revealing and analysing modem malware

Čeleda

Krejčí

Krmíček

2012

2012 IEEE International Conference on Communications (ICC)

Self Cite

View full text Add to dashboard Cite

Abstract-Malware targeting broadband devices like ADSL modems, routers and wireless access points is very frequent in recent days. In this paper, we provide a formal description of modem malware life cycle. Furthermore, we propose a set of techniques to perform detailed analysis of infected modem and we provide the binary samples of modem malware at our web repository. Description of the modem malware evolution is also included. Based on our experiences with analysing and monitoring modem malware, we report on long-term statistics of modem malware activities in campus network including a discovery of new botnet. We propose NetFlow based detection method to reveal the modem malware spreading.

show abstract

Embedded Malware - An Analysis of the Chuck Norris Botnet

Cited by 18 publications

References 1 publication

A Survey on Cross-Architectural IoT Malware Threat Hunting

A Survey on Cross-Architectural IoT Malware Threat Hunting

Analysis of Data Remaining on Second Hand ADSL Routers

Revealing and analysing modem malware

Contact Info

Product

Resources

About