THIS IS HISTORY! Check fabien.benetou.fr for news.

Seedea, scalable creativity

Xye, consultancy for serious creators

Information

RSS

(Updates)

back to the article index Page feed

Botnets

Menu

Nature

Spreading mechanisms

Hiding/Resistance mechanisms

Analysis/Counter measures

Motives/Context

Evolution

Observations/General description

Other

Sources for news

Potential studies

Schemas

(:pmgraphviz -- digraph { "drive" -> "writing"; "drive" -> "injection" [label="use of existing code"]; "writing" -> "injection"; "injection" -> "propagation"; "propagation" -> "propagation" [label=" +=1 machine"]; "propagation" -> "stagnation"; "stagnation" -> "stagnation" [label=" stealth wait for request"]; "stagnation" -> "propagation"; "stagnation" -> "synchronization" [style=dashed]; "stagnation" -> "action"; "synchronization" -> "action" [style=dashed]; "stagnation" -> "upgrade" [style=dashed]; "writing" -> "upgrade" [style=dashed]; "upgrade" -> "stagnation" [style=dashed]; "synchronization" -> "stagnation" [style=dashed]; "action" -> "stagnation"; } :)

DriveWritingInjectionPropagationStagnation SynchronizationActionUpgrade
what motivates one to use a botnethow can one build one, based on existing code or delegating ithow does one initiate it (bootstrap phase, injection in the network)how does the botnet agents propagate from machine to machine to gather more agentshow each agent stay stealth while waiting for more commandshow all the agents synchronize themselves when organization are required (for example DDoS) which is mainly communicationfinally doing one the possible action (the real payload)being able to upgrade itself in order to do more action, stay more stealth, ...)

See more detailed schemas to go further.

How I (probably) got there

  1. security (virii/worms)
  2. p2p
  3. distributed computing (seti@home)
  4. freenet
  5. the "curious yellow" philosophical idea
    1. "implementation of in-the-cloud technology which is the final result of years of experience using this community database technology [...] has helped many people by intercepting and blocking new infections days, weeks, before they could have been manually analyzed and a signature would have been added manually by an analyst." from Real-World Example of In-the-Cloud Technology by Marco Giuliani, Prevx, Januart 2009
    2. The White Botnet by nikunj, Odyssey, April 2009 (few mails exchanged and even a post from the reply ;)
  6. evolution of security?
    1. having a botnet tried to gather information on my newly bought server! /w00tw00t.at.ISC.SANS.DFind:)
Page last modified on December 27, 2017, at 03:28 PM