Abstract
Third Generation Botnets (TGBs) have subverted the normal workings of the World Wide Web. These botnets harness the HTTP communication model to carry out their stealthy operations. To automate exploit distribution and infect users on a large scale, TGBs collaborate with Browser Exploit Packs (BEPs). TGBs such as Zeus, SpyEye, and the present-day botnet ICEX explicitly use BEPs such as BlackHole and Phoenix for insidious infections. Several cases of large-scale infection have been seen in the recent past. Additionally, TGBs are designed with sophisticated attack techniques such as form grabbing, Ruskill, web injects (WI), web fakes (WF), DNS tampering, and other custom plug-ins to steal information. These attack techniques are heavily relied upon in the Man in the Browser (MitB) paradigm. The infection strategies include programs such as spreaders that infect other software to conduct drive-by-download and drive-by-cache attacks. This talk delves deep into the design of present-day malware and the advancements in attack techniques and infection strategies, and is an outcome of real-world case studies. Several demos will be shown to back up the arguments.
AI-Generated Summary
The talk focused on advancements in botnet attacks and malware distribution strategies. The researcher presented a taxonomy of browser-based malware, categorizing it into three classes: Class A (malicious extensions), Class B (plugin-based exploits), and Class C (userland rootkits). The researcher demonstrated how attackers exploit vulnerabilities in plugins and browsers to compromise systems, using techniques such as drive-by downloads and social engineering.
Key findings included the use of automated infection frameworks, such as Java-based exploits, to compromise systems. The researcher also highlighted the importance of understanding the "anatomy" of malware in order to develop effective protection mechanisms. Additionally, the researcher demonstrated how attackers use proxy-based software, such as Glide proxies, to manipulate web pages and inject malicious scripts into them, compromising user privacy and security.
Practical implications of the research include the need for users to be aware of the risks of using public proxies and the importance of keeping browser plugins and software up to date. The researcher also emphasized that security professionals must stay vigilant and adapt to evolving attack strategies, using techniques such as behavior-based testing and emulation to analyze and detect malware. Overall, the talk provided insights into the evolving landscape of botnet attacks and malware distribution, highlighting the need for continued research and development of effective security measures.