Defaming botnet toolkits: A bottom-up approach to mitigating the threat

Proceedings - 4th International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2010

Volumn , Issue , 2010, Pages 195-200

  Ormerod, Thomas ^a   Wang, Lingyu ^a   Debbabi, Mourad ^a   Youssef, Amr ^a   Binsalleeh, Hamad ^a   Boukhtouta, Amine ^a   Sinha, Prosenjit ^a  

^a Dept of Electrical and Computer Engineering   (Canada)

Author keywords

Botnet; Identity theft; Network security; Reverse engineering; Zeus

Indexed keywords

BOTNET; BOTNETS; BOTTOM UP APPROACH; CREDIT CARDS; ECONOMIC INCENTIVE; END-USERS; FOOD CHAIN; IDENTITY THEFT; ZEUS;

BEHAVIORAL RESEARCH; CRIME; REVERSE ENGINEERING;

NETWORK SECURITY;

EID: 79952066459     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SECURWARE.2010.39     Document Type: Conference Paper

References (19)

1. N. Kshetri, "The simple economics of cybercrimes," IEEE Security & Privacy, vol. 4, no. 1, pp. 33-39, Jan. 2006.
2. J. Shurin, D. Gruner, and H. Hillebrand, "All wet or dried up? real differences between aquatic and terrestrial food webs," Proceedings of the Royal Society B: Biological Sciences, vol. 273, no. 1582, pp. 1-9, 01 2006.
3. P. Coogan. (2009, August) Zeus, king of the underground crimeware toolkits. Symantec. Last accessed: 19/04/2010. [Online]. Available: http://www.symantec.com/connect/blogs/zeus-king-underground-crimeware-toolkits
4. A. Ramachandran, N. Feamster, and D. Dagon, "Revealing botnet membership using dnsbl counter-intelligence," in Proceedings of USENIX SRUTI06, July 2006, pp. 49-54.
5. T.-F. Yen and M. K. Reiter, "Traffic aggregation for malware detection," in Proceedings of the Fifth GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA08), 2008 2008, pp. 207-227.
6. G. Gu, R. Perdisci, J. Zhang, and W. Lee, "Botminer: Clustering analysis of network traffic for protocol- and structureindependent botnet detection," in Proceedings of the USENIX Security Symposium. Berkeley, CA, USA: USENIX Association, August 2008, pp. 139-154.
7. G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee, "Bothunter: detecting malware infection through ids-driven dialog correlation," in SS'07: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium. Berkeley, CA, USA: USENIX Association, 2007, pp. 1-16.
8. J. Goebel and T. Holz, "Rishi: Identify bot contaminated hosts by irc nickname evaluation," in Proceedings of USENIX HotBots07. Berkeley, CA, USA: USENIX Association, 2007.
9. J. Franklin, V. Paxson, A. Perrig, and S. Savage, "An inquiry into the nature and causes of the wealth of internet miscreants," in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS'07), 2007, pp. 375-388.
10. M. Chandrasekaran, R. Chinchani, and S. Upadhyaya, "Phoney: Mimicking user response to detect phishing attacks," in Proceedings of the 2006 International Symposium on the World of Wireless, Mobile and Multimedia Networks, 2006, pp. 5pp.-672.
11. T. Holz, M. Engelberth, and F. Freiling, "Learning more about the underground economy: A case-study of keyloggers and dropzones," University of Mannheim, Tech. Rep. Reihe Informatik TR-2008-006, December 2008.
12. D. Birk, S. Gajek, F. Gröbert, and A.-R. Sadeghi, "A forensic framework for tracing phishers," in IFIP Summer School on The Future of Identity in the Information Society, Karlstad, Sweden, 2007.
13. L. Spitzner. (2003, July) Honeytokens: The other honeypot. Symantec. Last accessed: 19/04/2010. [Online]. Available: http://www.symantec.com/connect/ articles/honeytokensother-honeypot
14. R. Ford and S. Gordon, "Cent, five cent, ten cent, dollar: Hitting botnets where it really hurts," in Proceedings of New Security Paradigms Workshop, 2006, pp. 3-10.
15. Z. Li, Q. Liao, and A. Striegel, "Botnet economics: Uncertainty matters," in Proceedings of the 7th Workshop on the Economics of Information Security (WEIS'08), 2008.
16. S. Li and R. Schmitz, "A novel anti-phisihng framework based on honeypots," in Proceedings of the 4th annual Anti-Phishing Working Groups eCrime Researchers Summit, September 2009.
17. D. Molnar, M. Piotrowski, D. Schultz, and D. Wagner, "The program counter security model: Automatic detection and removal of control-flow side channel attacks," in Proceedings of the 8th International Conference on Information Security and Cryptology, Seoul, Korea, December 2005, pp. 156-168.
18. Idapro - multi-processor disassembler and debugger. Last accessed: 19/04/2010. [Online]. Available: http://www.hexrays.com/idapro/
19. M. E. Russinovich and D. A. Solomon, Microsoft Windows Internals: Windows Server 2003, Windows XP, and Windows 2000, 4th ed. Microsoft Press, 2004.