Message-ID: <BAY104-DAV115EE43FC364E1E5011E4FD0560@phx.gbl>
From: pingywon at hotmail.com (pingywon)
Subject: Know Your Enemy: Tracking Botnets
haha .. I didn't think anyone was REALLY named Thorsten
... I mean good paper....
~pingywon
----- Original Message -----
From: "Thorsten Holz" <thorsten.holz@...eg.rwth-aachen.de>
To: "dailydave" <dailydave@...ts.immunitysec.com>;
<honeypots@...urityfocus.com>; <full-disclosure@...ts.grok.org.uk>
Sent: Sunday, March 13, 2005 10:08 PM
Subject: [Full-disclosure] Know Your Enemy: Tracking Botnets
> Greetings,
>
> The Honeynet Project and Research Alliance is excited to announce the
> release of a new paper "KYE: Tracking Botnets". This paper is based on
> the extensive research by the German Honeynet Project.
>
> KYE: Tracking Botnets
> http://www.honeynet.org/papers/bots/
>
> Abstract:
> ---------
>
> Honeypots are a well known technique for discovering the tools, tactics,
> and motives of attackers. In this paper we look at a special kind of
> threat: the individuals and organizations who run botnets. A botnet is a
> network of compromised machines that can be remotely controlled by an
> attacker. Due to their immense size (tens of thousands of systems can be
> linked together), they pose a severe threat to the community. With the
> help of honeynets we can observe the people who run botnets - a task
> that is difficult using other techniques. Due to the wealth of data
> logged, it is possible to reconstruct the actions of attackers, the
> tools they use, and study them in detail. In this paper we take a closer
> look at botnets, common attack techniques, and the individuals involved.
>
> We start with an introduction to botnets and how they work, with
> examples of their uses. We then briefly analyze the three most common
> bot variants used. Next we discuss a technique to observe botnets,
> allowing us to monitor the botnet and observe all commands issued by the
> attacker. We present common behavior we captured, as well as statistics
> on the quantitative information learned through monitoring more than one
> hundred botnets during the last few months. We conclude with an overview
> of lessons learned and point out further research topics in the area of
> botnet-tracking, including a tool called mwcollect2 that focuses on
> collecting malware in an automated fashion.
>
> Thank you for your time,
> Thorsten Holz, on behalf of the GHP
> (http://www-i4.informatik.rwth-aachen.de/lufg/honeynet)