Botnet Attacks

Botnets are groups of internet-connected computers infected with malware that can be controlled by hackers to carry out malicious activities like DDoS attacks, password leaks, and data theft. A DDoS attack overwhelms servers with requests in order to cause disruptions, and can be done through either saturating bandwidth or consuming server resources. Common botnets are named after the malware used to create them, with Nitol being one of the largest that was found pre-installed on counterfeit Windows systems sold in China, while The Cyclone is a US-created botnet that utilizes IRC and obfuscated commands.

Uploaded by Zohaib Hassan

Botnet Attacks

A botnet is a group of internet-connected computers that have been infected with malware and can be controlled by hackers. Botnet attacks, which involve malicious activities such as password leaks, unauthorized access, data theft, and DDoS attacks, are carried out by cyber criminals using botnets.

DDoS is an acronym for "distributed denial of service." A DDoS attack is a malicious attempt to prevent users from accessing a server or network resource. It is accomplished by saturating a service, causing it to be temporarily suspended or interrupted. A Denial of Service (DoS) attack uses a single machine either to target a software vulnerability or to flood a targeted resource with packets, requests, or queries. A DDoS attack, however, uses several connected devices; it is usually executed by botnets or, on occasion, by individuals who have organized their operation.

DDoS attacks are grouped into two categories:

I. Application layer: HTTP floods, slow attacks (Slowloris, RUDY), zero-day attacks, and attacks targeting vulnerabilities in operating systems, web applications, and communication protocols are all examples of DDoS attacks in this category. The aim of these attacks is to overwhelm a target application with requests, which are made up of apparently legitimate and innocent requests and are normally measured in requests per second (RPS). This results in high CPU and memory consumption, which causes the application to hang or crash.

II. Network layer: UDP floods, SYN floods, NTP amplification, DNS amplification, SSDP amplification, IP fragmentation, and other network layer DDoS attack forms exist. These are high-capacity barrages, with data rates calculated in gigabits per second (Gbps) or packets per second (PPS). Botnets almost always carry them out with the intention of absorbing the target's upstream bandwidth and causing network saturation. DDoS attacks can also target supporting infrastructures and facilities, the most popular of which are the target's DNS servers. These can become overburdened as a result of a flood of forged DNS requests coming from botnet devices.
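The two categories differ in the unit a defender watches: requests per second per client for the application layer, and packets per second or gigabits per second toward a destination for the network layer. The following added example (not part of the original document) computes both from constructed sample data: a few Common Log Format access-log lines for the RPS side, and a handful of flow records for the PPS/Gbps side. The addresses, timestamps, byte counts and the detection thresholds are all made up for illustration; the reflector-port list only names the three amplification services the text itself mentions (DNS, NTP, SSDP).

```python
import re
from collections import defaultdict
from datetime import datetime

# --- Application layer: requests per second (RPS) per client ---------------------
# Constructed access-log lines in Common Log Format (sample data, not a real capture).
ACCESS_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=a HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=b HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=c HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=d HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=e HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=f HTTP/1.1" 200 512
198.51.100.2 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2048
198.51.100.2 - - [10/Oct/2023:13:55:37 +0000] "GET /about.html HTTP/1.1" 200 1024
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_access_log(text):
    """Yield (unix_second, client_ip, request_line) for every parsable line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), TS_FMT)
            yield int(ts.timestamp()), m.group("ip"), m.group("req")


def peak_rps_per_client(text):
    """Highest number of requests any client sent within a single one-second bucket."""
    per_bucket = defaultdict(int)
    for second, ip, _ in parse_access_log(text):
        per_bucket[(ip, second)] += 1
    peak = defaultdict(int)
    for (ip, _), n in per_bucket.items():
        peak[ip] = max(peak[ip], n)
    return dict(peak)


def http_flood_suspects(text, rps_threshold):
    """Clients whose peak RPS exceeds the threshold (the threshold is a tuning value you choose)."""
    return sorted(ip for ip, rps in peak_rps_per_client(text).items() if rps > rps_threshold)


# --- Network layer: packets per second (PPS) and gigabits per second (Gbps) -----------
# Constructed flow records: (unix_second, src_ip, src_port, dst_ip, dst_port, proto, packets, bytes).
FLOWS = [
    (1696946136, "192.0.2.10", 53, "203.0.113.50", 41234, "udp", 400_000, 1_200_000_000),
    (1696946136, "192.0.2.11", 53, "203.0.113.50", 41234, "udp", 350_000, 1_050_000_000),
    (1696946136, "192.0.2.12", 123, "203.0.113.50", 41234, "udp", 300_000, 300_000_000),
    (1696946136, "198.51.100.9", 443, "203.0.113.50", 51000, "tcp", 120, 96_000),
    (1696946137, "198.51.100.9", 443, "203.0.113.50", 51000, "tcp", 100, 80_000),
]
# UDP services the text names as amplification sources; reflected replies arrive from these source ports.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP"}


def volumetric_profile(flows):
    """Per (dst_ip, second): PPS, Gbps and the share of bits arriving from reflector ports."""
    totals = defaultdict(lambda: {"pps": 0, "bits": 0, "reflected_bits": 0})
    for second, _, sport, dst, _, proto, pkts, nbytes in flows:
        t = totals[(dst, second)]
        t["pps"] += pkts
        t["bits"] += nbytes * 8
        if proto == "udp" and sport in REFLECTOR_PORTS:
            t["reflected_bits"] += nbytes * 8
    return {
        key: {
            "pps": t["pps"],
            "gbps": t["bits"] / 1e9,
            "reflected_share": t["reflected_bits"] / t["bits"] if t["bits"] else 0.0,
        }
        for key, t in totals.items()
    }


def volumetric_alerts(flows, pps_threshold, gbps_threshold):
    """(dst, second, gbps, pps, reflected_share) for every bucket over either threshold."""
    alerts = []
    for (dst, second), p in sorted(volumetric_profile(flows).items()):
        if p["pps"] > pps_threshold or p["gbps"] > gbps_threshold:
            alerts.append((dst, second, round(p["gbps"], 2), p["pps"], round(p["reflected_share"], 2)))
    return alerts


if __name__ == "__main__":
    print("HTTP flood suspects:", http_flood_suspects(ACCESS_LOG, rps_threshold=5))
    print("Volumetric alerts:", volumetric_alerts(FLOWS, pps_threshold=100_000, gbps_threshold=1.0))
```

On the sample data the first client peaks at 6 RPS in one second and is flagged, while the second client is not; the flow records produce a single alert for the target address at roughly 20 Gbps and about a million PPS, with almost all of the bits arriving from DNS and NTP source ports, which is the signature of the amplification pattern described under category II. Real thresholds depend on the normal baseline of the service being protected.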

Botnets are commonly named after the malware kits that were used to build them. However, since botnet herders work in the darkness, not all of these kits are traceable.

Nitol / IMDDOS / Avzhan / ChinaZ

This is a dynamic DDoS botnet family that changes over time. It is mainly active in China. Once active, the malware opens a TCP socket to the botnet's C&C server and then sends output data from the victim's machine.
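A bot that keeps a TCP channel to its C&C server and pushes data out tends to reconnect on a fixed schedule, and that regularity is what a defender can look for in outbound connection logs. The following added example is not code from the document and is not derived from any analysis of Nitol; it is a generic beacon-regularity check. The connection records, addresses and port are constructed placeholders, and the minimum connection count and coefficient-of-variation limit are assumed tuning values.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed outbound-connection log: (unix_second, src_ip, dst_ip, dst_port, bytes_out).
# Sample data only; the peer address and port are placeholders, not a known indicator.
CONNECTIONS = [
    (1000, "10.0.0.5", "198.51.100.77", 8080, 312),
    (1005, "10.0.0.5", "203.0.113.20", 443, 4096),
    (1012, "10.0.0.5", "203.0.113.20", 443, 1800),
    (1060, "10.0.0.5", "198.51.100.77", 8080, 305),
    (1121, "10.0.0.5", "198.51.100.77", 8080, 330),
    (1180, "10.0.0.5", "198.51.100.77", 8080, 298),
    (1241, "10.0.0.5", "198.51.100.77", 8080, 340),
    (1300, "10.0.0.5", "198.51.100.77", 8080, 315),
    (1300, "10.0.0.5", "203.0.113.20", 443, 2200),
    (1350, "10.0.0.5", "203.0.113.20", 443, 900),
    (1351, "10.0.0.5", "203.0.113.20", 443, 5000),
    (2000, "10.0.0.5", "203.0.113.20", 443, 700),
    (1500, "10.0.0.8", "192.0.2.40", 22, 100),
    (1900, "10.0.0.8", "192.0.2.40", 22, 100),
]


def intervals_by_peer(conns):
    """Map (src, dst, port) to the sorted list of gaps, in seconds, between its connections."""
    by_peer = defaultdict(list)
    for ts, src, dst, port, _ in conns:
        by_peer[(src, dst, port)].append(ts)
    gaps = {}
    for peer, stamps in by_peer.items():
        stamps.sort()
        gaps[peer] = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
    return gaps


def beacon_candidates(conns, min_connections=5, max_cv=0.1):
    """Peers contacted at least min_connections times with near-constant spacing.

    Regularity is measured as the coefficient of variation (stdev / mean) of the
    inter-connection gaps; human-driven traffic is bursty and scores far above max_cv.
    Returns (peer, mean_gap_seconds, cv) tuples; both cut-offs are assumed tuning values.
    """
    found = []
    for peer, gaps in intervals_by_peer(conns).items():
        if len(gaps) + 1 < min_connections:
            continue  # too few samples to judge regularity
        avg = mean(gaps)
        if avg <= 0:
            continue  # all connections in the same second: not a schedule
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            found.append((peer, round(avg, 1), round(cv, 3)))
    return found


if __name__ == "__main__":
    for peer, avg, cv in beacon_candidates(CONNECTIONS):
        print(f"{peer[0]} -> {peer[1]}:{peer[2]} every ~{avg}s (cv={cv})")
```

In the sample, the host's six connections to the placeholder peer on port 8080 are spaced 59 to 61 seconds apart and are reported as a beacon, while the bursty HTTPS traffic to the other address and the two SSH connections from a second host fall outside the checks. A real deployment would feed this from firewall or NetFlow exports and would tune the cut-offs to the environment.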

In 2012, Microsoft security researchers discovered that Nitol-infected PCs were being sold in large quantities in China, each with a counterfeit Windows operating system installed. Nitol was found to be the most widely-spread botnet three years later, with compromised computers responsible for 59.2 percent of all attacking botnet IPs.

The Cyclone

This is DDoS malware developed in the United States. It is IRC-based, with obfuscated C&C data. In addition to stealing FTP credentials from FileZilla, it has been known to destroy other bots on an infected host. Its attacks include multiple HTTP floods, Slowloris (though not slow), and ARME (Apache Remote Memory Exhaustion).
