Botnets: The Killer Web Applications

Elsevier, Apr 18, 2011 - Computers - 480 pages
The book begins with real-world cases of botnet attacks to underscore the need for action. Next, it explains botnet fundamentals using real-world examples: what botnets are, how they operate, and the environment and technology that make them possible. The following chapters analyze botnets for opportunities to detect, track, and remove them. The book then describes intelligence-gathering efforts and the results obtained to date. Public-domain tools such as Ourmon, developed by Jim Binkley of Portland State University, are described in detail, along with other tools and resources that are useful in the fight against botnets.
  • This is the first book to explain the newest Internet threat: botnets, zombie armies, bot herders, what is being done, and what you can do to protect your enterprise
  • Botnets are the most complicated and difficult threat the hacker world has unleashed; read how to protect yourself

What people are saying

User Review

This was very useful; I am writing a paper on the deep web and this helped me a lot.

Contents

A Call to Action, p. 1
Chapter 2 Botnets Overview, p. 29
Chapter 3 Alternative Botnet C&Cs, p. 77
Chapter 4 Common Botnets, p. 97
Tools and Techniques, p. 133
Overview and Installation, p. 217
Anomaly Detection Tools, p. 245
Chapter 8 IRC and Botnets, p. 285
Chapter 9 Advanced Ourmon Techniques, p. 313
Chapter 10 Using Sandbox Tools for Botnets, p. 345
Chapter 11 Intelligence Resources, p. 391
Chapter 12 Responding to Botnets, p. 417
FSTC Phishing Solutions Categories, p. 453
Index, p. 459
Copyright

About the author (2011)

Craig A. Schiller (CISSP-ISSMP, ISSAP) is the CISO for Portland State University and President of Hawkeye Security Training, LLC. He is the primary author of the first Generally Accepted System Security Principles. He is a co-author of “Combating Spyware in the Enterprise” and “Winternals” from Syngress and of several editions of the Handbook of Information Security Management, and a contributing author to Data Security Management. Mr. Schiller has co-founded two ISSA chapters, the Central Plains chapter and the Texas Gulf Coast chapter.

Jim Binkley is a teacher, network engineer, and researcher in the Computer Science Department at Portland State University. Jim has twenty-five years of experience with UNIX operating system internals and twenty years of experience with TCP/IP networking. Jim teaches a graduate sequence of networking classes, including TCP/IP, routing, and network security, and also teaches operating system classes, including Linux OS internals, Linux device drivers, and BSD TCP/IP stack internals.

Tony Bradley (CISSP-ISSAP) is the Guide for the Internet/Network Security site on About.com, a part of The New York Times Company. He has written for a variety of other Web sites and publications, including PC World, SearchSecurity.com, WindowsNetworking.com, Smart Computing magazine, and Information Security magazine. Currently a security architect and consultant for a Fortune 100 company, Tony has driven security policies and technologies for antivirus and incident response for Fortune 500 companies, and he has been network administrator and technical support for smaller companies. He is author of Essential Computer Security: Everyone’s Guide to E-mail, Internet, and Wireless Security (Syngress, ISBN: 1597491144).

Tony is a CISSP (Certified Information Systems Security Professional) and ISSAP (Information Systems Security Architecture Professional). He is Microsoft Certified as an MCSE (Microsoft Certified Systems Engineer) and MCSA (Microsoft Certified Systems Administrator) in Windows 2000 and an MCP (Microsoft Certified Professional) in Windows NT. Tony is recognized by Microsoft as an MVP (Most Valuable Professional) in Windows security.

On his About.com site, Tony has on average over 600,000 page views per month and 25,000 subscribers to his weekly newsletter. He created a 10-part Computer Security 101 Class that has had thousands of participants since its creation and continues to gain popularity through word of mouth. In addition to his Web site and magazine contributions, Tony was also coauthor of Hacker’s Challenge 3 (ISBN: 0072263040) and a contributing author to Winternals: Defragmentation, Recovery, and Administration Field Guide (ISBN: 1597490792) and Combating Spyware in the Enterprise (ISBN: 1597490644).

Tony wrote Chapter 4.

Michael Cross is a SharePoint Administrator and Developer, and has worked in the areas of software development, Web design, hardware installation/repairs, database administration, graphic design, and network administration. Working for law enforcement, he is part of an Information Technology team that provides support to over 1,000 civilian and uniformed users. His theory is that when the users carry guns, you tend to be more motivated in solving their problems.

Michael has a diverse background in technology. He was the first computer forensic analyst for a local police service and performed digital forensic examinations on computers involved in criminal investigations. Over five years, he recovered and examined evidence involved in a wide range of crimes, including homicides, fraud, and possession of child pornography. In addition, he successfully tracked numerous individuals electronically, as in cases involving threatening e-mail. He has consulted and assisted in numerous cases dealing with computer-related/Internet crimes and served as an expert witness on computers in criminal trials. In 2007, he was awarded a Police Commendation for his work developing a system to track local high-risk offenders and sexual offenders.

With extensive experience in Web design and Internet-related technologies, Michael has created and maintained numerous Web sites and implementations of Microsoft SharePoint. This has included public Web sites, private ones on corporate intranets, and solutions that integrate them. In doing so, he has incorporated and promoted social networking features, created software to publish press releases online, and developed a wide variety of solutions that make it easier to get work done.

Michael has been a freelance writer and technical editor on over four dozen IT-related books, as well as writing material for other genres. He previously taught as an instructor and has written courseware for IT training courses. He has also given presentations on Internet safety, SharePoint, and other topics related to computers and the Internet. Despite his experience as a speaker, he still finds his wife won't listen to him.

Over the years, Michael has acquired a number of certifications from Microsoft, Novell, and CompTIA, including MCSE, MCP+I, CNA, and Network+. When he isn’t writing or otherwise attached to a computer, he spends as much time as possible with the joys of his life: his lovely wife, Jennifer; darling daughter Sara; adorable daughter Emily; and charming son Jason.

For the latest information on him, his projects, and a variety of other topics, you can follow him on Twitter @mybinarydreams, visit his Facebook page at www.facebook.com/mybinarydreams, follow him on LinkedIn at www.linkedin.com/in/mcross1, or read his blog at http://mybinarydreams.wordpress.com.

Gadi Evron works for the McLean, VA-based vulnerability assessment solution vendor Beyond Security as Security Evangelist and is the chief editor of the security portal SecuriTeam. He is a known leader in the world of Internet security operations, especially regarding botnets and phishing. He is also the operations manager for the Zeroday Emergency Response Team (ZERT) and a renowned expert on corporate security and espionage threats. Previously, Gadi was Internet Security Operations Manager for the Israeli government and the manager and founder of the Israeli government’s Computer Emergency Response Team (CERT).

David Harley has been researching and writing about malicious software and other security issues since the end of the 1980s. From 2001 to 2006 he worked in the UK's National Health Service as a National Infrastructure Security Manager, where he specialized in the management of malicious software and all forms of email abuse, as well as running the Threat Assessment Centre, and has worked since as an independent author and consultant for Small Blue-Green World. He joined ESET's Research team in January 2008. He was co-author of Viruses Revealed (McGraw-Hill) and lead author and technical editor of The AVIEN Malware Defense Guide for the Enterprise (Syngress), as well as a contributor to Botnets: the Killer Web App (Syngress). He has contributed chapters to many other books on security and education for publishers such as Wiley, Pearson and Vieweg, as well as a multitude of specialist articles and conference papers. In his copious free time he is Chief Operations Officer for AVIEN (the Anti-Virus Information Exchange Network) and administers the MAC Virus web site.

Chris Ries is a Security Research Engineer for VigilantMinds Inc., a managed security services provider and professional consulting organization based in Pittsburgh. His research focuses on the discovery, exploitation, and remediation of software vulnerabilities, analysis of malicious code, and evaluation of security software. Chris has published a number of advisories and technical white papers based on his research and has contributed to several books on information security. Chris holds a bachelor’s degree in Computer Science with a Mathematics Minor from Colby College, where he completed research involving automated malicious code detection. Chris has also worked as an analyst at the National Cyber-Forensics & Training Alliance (NCFTA), where he conducted technical research to support law enforcement.

Carsten Willems is an independent software developer with 10 years’ experience. He has a special interest in the development of security tools related to malware research. He is the creator of CWSandbox, an automated malware analysis tool. The tool, which he developed as part of his thesis for his master’s degree in computer security at RWTH Aachen, is now distributed by Sunbelt Software in Clearwater, FL. He is currently working on his PhD thesis, titled “Automatic Malware Classification,” at the University of Mannheim. In November 2006 he was awarded third place by the Competence Center for Applied Security Technology (CAST) for his work titled “Automatic Behaviour Analysis of Malware.” In addition, Carsten has created several office and e-business products. Most recently, he developed SAGE GS-SHOP, a client-server online shopping system that has been installed over 10,000 times.

Carsten wrote Chapter 10.