Summary: | Botnet malware is a malicious
program. Computers infected by it, called bots,
are controlled by a botmaster to carry out activities
such as spamming, phishing, keylogging, Distributed
Denial of Service (DDoS) attacks, and other activities
that are generally profitable to the owner of the bots
(the botmaster) or to those who use botnet services. The
problem is that many computers have been controlled
by botnets without the knowledge of the computer
owner. There are many ways to examine botnets, for
example by studying the traffic from the botnet
network, studying how bots communicate with each other,
studying how each bot receives orders to do
something, and so forth. Of these methods, the
most frequently and commonly used is reverse
engineering, where researchers study how a botnet
works by debugging it.
In this study the author researches botnets by
taking one type of botnet, namely Agobot, and
applying reverse engineering. One of the results
of the research is that malware program files in
general, and botnets in particular, use a technique
to hinder research that relies on reverse
engineering.
Another result shows that Agobot runs on
computers by using a Windows service and
by changing the Windows registry so that every time
the computer starts, Agobot is always active in
the computer's memory.
|