2. WHAT IS A BOT
• An Internet bot, also known as web robot, WWW robot or simply bot, is a software
application that runs automated tasks (scripts) over the Internet.
• Typically, bots perform tasks that are both
simple and structurally repetitive, at a much
higher rate than would be possible for a
human alone.
• The largest use of bots is in web spidering (web crawler), in which an automated script
fetches, analyzes and files information from web servers at many times the speed of a
human
3. BOTNET EXPLAINED
• A botnet is a collection of internet-connected devices, which may include PCs, servers,
mobile devices and internet of things devices that are infected and controlled by a
common type of malware. Users are often unaware of a botnet infecting their system.
• The word "botnet" is a combination of the words "robot" and "network".
• A botnet is a logical collection of internet-connected devices such as
computers, smartphones or IoT devices whose security has been breached and control
ceded to a third party. Each such compromised device, known as a "bot"
4.
• Botnet infections are usually spread through malware, such as a Trojan horse.
• Botnet malware is typically designed to automatically scan systems and devices for
common vulnerabilities that haven't been patched, in hopes of infecting as many
devices as possible. Botnet malware may also scan for ineffective or outdated security
products, such as firewalls or antivirus software.
6. COMMAND AND CONTROL ARCHITECTURE
• The traditional client/server approach involves setting up
a command-and-control (C&C) server and sending automated
commands to infected botnet clients through a communications
protocol, such as internet relay chat (IRC).
• The bots are often programmed to remain dormant and await
commands from the C&C server before initiating any malicious
activities.
• Simple to deploy, cheap, short latency for large-scale attacks
• Easiest to eliminate
7. PEER-TO-PEER ARCHITECTURE
• This approach to controlling the
infected bots involves a peer-to-peer
network.
• Instead of using C&C servers, a peer-
to-peer botnet relies on a
decentralized approach.
• Infected devices may be programmed
to scan for malicious websites, or
even for other devices in the same
botnet. The bots can then share
updated commands or the latest
versions of the botnet malware.
• Difficult to eliminate
8. THE BOTNET MEETS IOT
• Some of the fastest-growing and nefarious bots are those
that exploit Internet of Things (IoT) devices as weapons of
attack.
• By 2016, the number of connected things was nearly
double the number of connected users, and the volume of
connected devices grows much more quickly than the
Internet population. Depending on which source is consulted, the
number of IoT units installed could reach
as many as 20 billion by 2020.
9. WHY BOTNETS LIKE INTERNET OF THINGS
• Stripped-down OS: These devices often run on the Linux operating system—but use
an embedded or stripped-down version that is comparatively easy to compromise with
malware.
• Unfettered access: When “things” are Internet accessible, their access is usually
unfettered by filtering or limitations on bandwidth.
• Lack of basic security: With their barebones OS and processing power, these devices
simply don’t have enough capacity for standard security capabilities like auditing. The
result? Device owners won’t even notice most compromises.
• Reused components: Device manufacturers often reuse portions of hardware and
software in various devices. Though intended to save engineering time, this practice
also results in default passwords and vulnerabilities being shared across not just device
classes, but also manufacturers.
10. Let's look into botnets that changed the way we see the IoT
• Zeus
• Srizbi
• Gameover Zeus
• Methbot
• Mirai
• BrickerBot: the vigilante
11. ZEUS
• Zeus, ZeuS, or Zbot is a package that runs on
versions of Microsoft Windows. While it can be used
to carry out many malicious and criminal tasks, it is
often used to steal banking information by
man-in-the-browser keystroke logging and form grabbing.
• Zeus is the first botnet to infect vulnerable devices
and systems, and variants of this malware have
been used to spread CryptoLocker ransomware.
• Zeus, or Zbot, was used to harvest banking
credentials and financial information from users of
infected devices
12. SRIZBI
• The Srizbi botnet, which was first discovered in 2007,
was, for a time, the largest botnet in the world
• Srizbi, also known as the Ron Paul spam botnet, was
responsible for a massive amount of email spam --
as much as 60 billion messages a day, accounting for
roughly half of all email spam on the internet at the
time
• The botnet used a Trojan to infect users' computers,
which were then used to send out spam. Experts
estimated that the Srizbi botnet included
approximately 450,000 infected systems.
13. GAMEOVER ZEUS
• Approximately a year after the original Zeus botnet
was disrupted, a new version of the Zeus malware
emerged, known as Gameover Zeus
• Instead of relying on a traditional, centralized C&C
operation to control bots, Gameover Zeus used a
peer-to-peer network approach, which initially made
the botnet harder for law enforcement and security
vendors to pinpoint and disrupt. Infected bots used
the domains to communicate
• The Gameover Zeus botnet would generate domain
names to serve as communication points for infected
bots. An infected device would randomly select
domains until it reached an active domain that was
able to issue new commands
• Gameover Zeus came back with more
ransomware
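The trial-and-error domain lookups described on this slide leave a trace defenders can look for: one client failing to resolve many distinct, random-looking names in a short window. The sketch below is an added example, not part of the original slides; the log format, thresholds and all names and addresses are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample data: random-looking labels under the reserved .example TLD.
RANDOM_LABELS = ["qzx7kfp2mwh8vbt4", "h3jr9dcy5ngu1sle", "w6tbq0zmf4xk8pvj",
                 "d1vy7cgn2rhx9ska", "m8pf3ju5zlq0wbte"]

# Constructed resolver log entries: (client_ip, queried_name, response_code)
SAMPLE_DNS_LOG = [
    ("10.0.0.5", "www.example.com", "NOERROR"),
    ("10.0.0.5", "typo-exampel.com", "NXDOMAIN"),   # a single human typo
] + [("10.0.0.9", f"{label}.example", "NXDOMAIN") for label in RANDOM_LABELS] + [
    ("10.0.0.9", "x2kd9rvn4ghy7scb.example", "NOERROR"),  # the one name that resolved
]


def label_entropy(name):
    """Shannon entropy in bits per character of the leftmost DNS label."""
    label = name.split(".")[0].lower()
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())


def suspected_dga_clients(log, min_failed=5, min_entropy=3.5, min_len=12):
    """Map each client to the distinct random-looking names it failed to resolve.

    Thresholds are assumptions for this sample and need tuning per network.
    """
    failed = defaultdict(set)
    for client, name, rcode in log:
        if rcode != "NXDOMAIN":
            continue  # only failed lookups are evidence of trial-and-error
        label = name.split(".")[0]
        if len(label) >= min_len and label_entropy(name) >= min_entropy:
            failed[client].add(name.lower())
    return {c: sorted(names) for c, names in failed.items() if len(names) >= min_failed}


if __name__ == "__main__":
    for client, names in suspected_dga_clients(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(names)} failed random-looking lookups, e.g. {names[0]}")
```

Requiring both a count of failures and a high-entropy label keeps a single mistyped hostname from raising an alert.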
14. METHBOT
• An extensive cybercrime operation and ad fraud
botnet known as Methbot was revealed in 2016
• Methbot was generating between $3 million and $5
million in fraudulent ad revenue daily last year by
producing fraudulent clicks for online ads, as well as
fake views of video advertisements
• The Methbot campaign is run on approximately 800-1,200
dedicated servers in data centers located in
both the U.S. and all over the world. The campaign's
operational infrastructure includes 6,000 spoofed
domains, and more than 850,000 dedicated IP
addresses, many of which are falsely registered
• The infected servers can produce fake clicks and
mouse movements, as well as forge social media
account logins to appear as legitimate users to fool
conventional ad fraud detection techniques
15. MIRAI
• The Mirai botnet is one of the first botnets to use
the Internet of Things for
denial of service
• Mirai malware is designed to scan the internet for
insecure connected devices, while also avoiding IP
addresses belonging to major corporations, like
Hewlett-Packard, Lenovo, Motorola and
government agencies, such as the U.S. Department
of Defense
• Once it identifies an insecure device, the malware
tries to log in with a series of common default
passwords used by manufacturers.
• If those passwords don't work, then Mirai uses
brute force attacks to guess the password. Once a
device is compromised, it connects to C&C
infrastructure and can divert varying amounts of
16.
17.
• Devices that have been infected are often still able to continue functioning
normally, making it difficult to detect Mirai botnet activity from a specific
device.
• For some internet of things (IoT) devices, such as digital video recorders, the
factory password is hard coded in the device's firmware, and many devices
cannot update their firmware over the internet.
• To make things worse, the creator of Mirai open-sourced the Mirai botnet
and created large-scale havoc on IoT
• The recent ransomware attack “WannaCry” that shook the world is
also propagated by using Mirai
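Because an infected device keeps working normally, the scanning behaviour described on the Mirai slides is easier to spot from the network than from the device itself. The sketch below is an added example, not part of the original slides: it flags local devices that attempt telnet connections to many distinct addresses with mostly failed handshakes. The flow-record format, the local network range, the thresholds and the inclusion of port 2323 are assumptions, and all addresses are constructed.

```python
import ipaddress
from collections import defaultdict

INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")  # assumed local IoT network
TELNET_PORTS = {23, 2323}  # 2323 as an alternate telnet port is an assumption here


def build_sample_flows():
    """Constructed flow records: (src_ip, dst_ip, dst_port, tcp_state)."""
    flows = [
        ("10.20.0.15", "10.20.0.1", 23, "ESTABLISHED"),      # one admin telnet session
        ("10.20.0.15", "198.51.100.7", 443, "ESTABLISHED"),  # ordinary web traffic
    ]
    # A camera at 10.20.0.77 tries telnet on 40 distinct outside addresses.
    for i in range(1, 41):
        state = "ESTABLISHED" if i % 10 == 0 else "SYN_SENT"
        flows.append(("10.20.0.77", f"203.0.113.{i}", 23 if i % 2 else 2323, state))
    return flows


def telnet_scanners(flows, min_targets=20, min_fail_ratio=0.7):
    """Return local sources whose telnet fan-out and failure rate look like scanning."""
    targets = defaultdict(set)
    attempts = defaultdict(int)
    failures = defaultdict(int)
    for src, dst, dport, state in flows:
        if dport not in TELNET_PORTS:
            continue
        if ipaddress.ip_address(src) not in INTERNAL_NET:
            continue  # only report on devices we are responsible for
        targets[src].add(dst)
        attempts[src] += 1
        if state != "ESTABLISHED":
            failures[src] += 1
    report = {}
    for src, dsts in targets.items():
        ratio = failures[src] / attempts[src]
        if len(dsts) >= min_targets and ratio >= min_fail_ratio:
            report[src] = {"targets": len(dsts), "fail_ratio": round(ratio, 2)}
    return report


if __name__ == "__main__":
    for src, info in telnet_scanners(build_sample_flows()).items():
        print(f"{src}: telnet attempts to {info['targets']} hosts, "
              f"{info['fail_ratio']:.0%} failed")
```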
18. BRICKERBOT
• BrickerBot finds these devices and renders them
unusable. The first version attacked about a
thousand devices and alternate versions attacked
thousands more. It disabled the devices by
formatting the internal memory.
• The devices all used a Linux package called BusyBox
and had exposed telnet-based interfaces with default
passwords. These devices were easily exploited by
the Mirai botnet, which essentially turned them into
denial-of-service weapons.
• Destroys insecure IoT devices to keep them from
taking part in DDoS botnets
• Only attacks devices already compromised by other
bots
19. PREVENTING BOTNET ATTACKS
• In earlier days a botnet could be stopped by identifying the C&C centre
(aka the botmaster), but with the increase in peer-to-peer botnets it has become
difficult to terminate botnets directly.
• Be sure to:
• Change every device’s factory default credentials.
22. AND FINALLY THE END
With great power comes
great responsibility. The
Internet of Things may be a
boon to the world, but it
also takes the world into a
new game of cyber
warfare. The Internet of Things
kills the privacy of the
people and, moreover, it will
make humans more lazy
and ignorant in a smarter
way unlike any other