Measurements and mitigation of peer-to-peer-based botnets: A case study on storm worm

LEET 2008 - 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More

Volumn , Issue , 2008, Pages

  Holz, Thorsten ^a   Steiner, Moritz ^a,b   Dahl, Frederic ^a   Biersack, Ernst ^b   Freiling, Felix ^a  

^a UNIVERSITY OF MANNHEIM   (Germany)

^b EURECOM   (France)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER VIRUSES; PEER TO PEER NETWORKS; REMOTE CONTROL; STORMS;

BOTNETS; CENTRAL SERVERS; CONTROL INFRASTRUCTURES; PEER TO PEER; PEER TO PEER (P2P) NETWORK; WIDE SPREADS;

BOTNET;

EID: 85084097128     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (32)

1. P. Baecher, M. Koetter, T. Holz, F. Freiling, and M. Dornseif. The nepenthes platform: An efficient approach to collect malware. In Proceedings of 9th International Symposium On Recent Advances in Intrusion Detection (RAID’06), 2006.
2. J. Ballard. Storm Worm, October 2007. NANOG 41, http://www.nanog.org/mtg-0710/kristoff.html.
3. P. Barford and V. Yegneswaran. An Inside Look at Botnets, volume 27 of Advances in Information Security, pages 171–191. 2007.
4. U. Bayer, A. Moser, C. Kruegel, and E. Kirda. Dynamic analysis of malicious code. Journal in Computer Virology, 2:67–77, 2006.
5. E. Cooke, F. Jahanian, and D. McPherson. The zombie roundup: Understanding, detecting, and disrupting botnets. In Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI’05), pages 39–44. USENIX, June 2005.
6. D. Dagon, C. Zou, and W. Lee. Modeling botnet propagation using time zones. In Proceedings of the 13th Annual Network and Distributed System Security Symposium (NDSS’06), 2006.
7. st International Workshop on Peer-to-Peer Systems (IPTPS), LNCS, pages 251–260, March 2002.
8. B. Enright. Exposing Stormworm, October 2007. Toorcon 9, http://noh.ucsd.edu/~bmenrigh/.
9. Federal Bureau of Investigation (FBI). Operation Bot Roast, February 2007. http://www.fbi.gov/pressrel/pressrel07/botnet061307.htm.
10. Frank Boldewin. Peacomm.C - Cracking the nutshell, September 2007. http://www.reconstructer.org/.
11. F. Freiling, T. Holz, and G. Wicherski. Botnet Tracking: Exploring a Root-Cause Methodology to Prevent Distributed Denial-of-Service Attacks. In Proceedings of 10th European Symposium On Research In Computer Security (ESORICS’05), July 2005.
12. J. B. Grizzard, V. Sharma, C. Nunnery, B. B. Kang, and D. Dagon. Peer-to-peer botnets: Overview and case study. In Proceedings of Hot Topics in Understanding Botnets (HotBots’07), 2007.
13. L. Grossman. The worm that roared. Internet: http://www.time.com/time/magazine/, September 2007.
14. G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee. Bothunter: Detecting malware infection through ids-driven dialog correlation. In Proceedings of the 16th USENIX Security Symposium, 2006.
15. Honeynet Project. Know your Enemy: Tracking Botnets, March 2005. http://www.honeynet.org/papers/bots.
16. KadC. http://kadc.sourceforge.net/.
17. B. Krebs. Storm worm dwarfs world’s top supercomputers. Internet: http://blog.washingtonpost.com/securityfix/, August 2007.
18. Maxmind. http://www.maxmind.com/.
19. st Workshop on Peer-to-Peer Systems (IPTPS), Mar. 2002.
20. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver. Inside the slammer worm. IEEE Security and Privacy, 1(4):33–39, 2003.
21. D. Moore, C. Shannon, and k claffy. Code-red: A case study on the spread and victims of an internet worm. In Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurment, pages 273–284, New York, NY, USA, 2002. ACM Press.
22. J. Naughton. In millions of windows, the perfect storm is gathering. http://observer.guardian.co.uk/, Oct 2007.
23. P. Porras, H. Saidi, and V. Yegneswaran. A Multi-perspective Analysis of the Storm (Peacomm) Worm. Technical report, Computer Science Laboratory, SRI International, October 2007.
24. M. A. Rajab, J. Zarfoss, F. Monrose, and A. Terzis. A multifaceted approach to understanding the botnet phenomenon. In Proceedings of the 6th Internet Measurement Conference, 2006.
25. M. A. Rajab, J. Zarfoss, F. Monrose, and A. Terzis. My botnet is bigger than yours (maybe, better than yours): Why size estimates remain challenging. In Proceedings of 1st Workshop on Hot Topics in Understanding Botnets (HotBots’07), 2007.
26. A. Singh et al. Eclipse attacks on overlay networks: Threats and defenses. In Proc. Infocom 06, Apr. 2006.
27. M. Steiner, E. W. Biersack, and T. En-Najjary. Exploiting KAD: Possible Uses and Misuses. Computer Communication Review, 37(5), Oct 2007.
28. M. Steiner, W. Effelsberg, T. En-Najjary, and E. W. Biersack. Load reduction in the kad peer-to-peer system. In Fifth International Workshop on Databases, Information Systems and Peer-to-Peer Computing (DBISP2P 2007), 2007.
29. M. Steiner, T. En-Najjary, and E. W. Biersack. A Global View of KAD. In Proceedings of the Internet Measurement Conference (IMC), 2007.
30. J. Stewart. Storm worm DDoS attack. Internet: http://www.secureworks.com/research/threats/ storm-worm, 2007.
31. Y.-M. Wang, D. Beck, X. Jiang, R. Roussev, C. Verbowski, S. Chen, and S. T. King. Automated web patrol with strider honeymonkeys: Finding web sites that exploit browser vulnerabilities. In Proceedings of the 13th Annual Network and Distributed System Security Symposium (NDSS’06), February 2006.
32. C. Willems, T. Holz, and F. Freiling. CWSandbox: Towards automated dynamic binary analysis. IEEE Security and Privacy, 5(2), 2007.