Make It Count: an Analysis of a Brute-forcing Botnet
The smallest element in a botnet is a bot. The behavior of a bot can change dynamically based on the decision of the botmaster. Commonly driven by profit, bots are expected to be profitable. If an infected bot does not fulfill the expectations, the botmaster can instruct the bot to switch it's...
| Main Author: | |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Centre Expert contre la Cybercriminalité Français (CECyF)
2016-02-01
|
| Series: | Le Journal de la Cybercriminalité & des Investigations Numériques |
| Online Access: | https://journal.cecyf.fr/ojs/index.php/cybin/article/view/5 |
| _version_ | 1818190141931388928 |
|---|---|
| author | Veronica Valeros |
| author_facet | Veronica Valeros |
| author_sort | Veronica Valeros |
| collection | DOAJ |
| description | The smallest element in a botnet is a bot. The behavior of a bot can change dynamically based on the decision of the botmaster. Commonly driven by profit, bots are expected to be profitable. If an infected bot does not fulfill the expectations, the botmaster can instruct the bot to switch it's behavior to serve a better purpose. This paper presents a detailed analysis of a network traffic capture of a machine originally infected by a Gamarue variant. The analysis will uncover the behavior of the bot since the initial infection, inactivity period, delivery of a new payload and the following switch of behavior of the bot. The paper will analyze the infection in detail, including the horizontal brute-forcing activity affecting thousands of WordPress websites. The goal of the paper is to show a concrete example of a bot performing brute-forcing, analyze it, identify the mechanisms used and indicators of compromise that will help detect it. |
| first_indexed | 2024-12-11T23:54:00Z |
| format | Article |
| id | doaj.art-ef73cf438d7e461a86d2b5099f727acd |
| institution | Directory Open Access Journal |
| issn | 2494-2715 |
| language | English |
| last_indexed | 2024-12-11T23:54:00Z |
| publishDate | 2016-02-01 |
| publisher | Centre Expert contre la Cybercriminalité Français (CECyF) |
| record_format | Article |
| series | Le Journal de la Cybercriminalité & des Investigations Numériques |
| spelling | doaj.art-ef73cf438d7e461a86d2b5099f727acd2022-12-22T00:45:25ZengCentre Expert contre la Cybercriminalité Français (CECyF)Le Journal de la Cybercriminalité & des Investigations Numériques2494-27152016-02-011110.18464/cybin.v1i1.59Make It Count: an Analysis of a Brute-forcing BotnetVeronica Valeros0CISCOThe smallest element in a botnet is a bot. The behavior of a bot can change dynamically based on the decision of the botmaster. Commonly driven by profit, bots are expected to be profitable. If an infected bot does not fulfill the expectations, the botmaster can instruct the bot to switch it's behavior to serve a better purpose. This paper presents a detailed analysis of a network traffic capture of a machine originally infected by a Gamarue variant. The analysis will uncover the behavior of the bot since the initial infection, inactivity period, delivery of a new payload and the following switch of behavior of the bot. The paper will analyze the infection in detail, including the horizontal brute-forcing activity affecting thousands of WordPress websites. The goal of the paper is to show a concrete example of a bot performing brute-forcing, analyze it, identify the mechanisms used and indicators of compromise that will help detect it.https://journal.cecyf.fr/ojs/index.php/cybin/article/view/5 |
| spellingShingle | Veronica Valeros Make It Count: an Analysis of a Brute-forcing Botnet Le Journal de la Cybercriminalité & des Investigations Numériques |
| title | Make It Count: an Analysis of a Brute-forcing Botnet |
| title_full | Make It Count: an Analysis of a Brute-forcing Botnet |
| title_fullStr | Make It Count: an Analysis of a Brute-forcing Botnet |
| title_full_unstemmed | Make It Count: an Analysis of a Brute-forcing Botnet |
| title_short | Make It Count: an Analysis of a Brute-forcing Botnet |
| title_sort | make it count an analysis of a brute forcing botnet |
| url | https://journal.cecyf.fr/ojs/index.php/cybin/article/view/5 |
| work_keys_str_mv | AT veronicavaleros makeitcountananalysisofabruteforcingbotnet |