Botnets

Book Description

The book begins with real-world cases of botnet attacks to underscore the need for action. Next, it explains botnet fundamentals using real-world examples: what botnets are, how they operate, and the environment and technology that make them possible. The following chapters analyze botnets for opportunities to detect, track, and remove them. The book then describes intelligence-gathering efforts and the results obtained to date. Public-domain tools such as Ourmon, developed by Jim Binkley of Portland State University, are described in detail, along with other tools and resources that are useful in the fight against botnets.

* This is the first book to explain the newest Internet threat: botnets, zombie armies, and bot herders, what is being done about them, and what you can do to protect your enterprise
* Botnets are the most complicated and difficult threat the hacker world has unleashed; read how to protect yourself

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  5. Copyright
  6. Acknowledgments
  7. Lead Authors and Technical Editors
  8. Contributors
  9. Chapter 1: Botnets: A Call to Action
    1. Introduction
    2. The Killer Web App
    3. How Big Is the Problem?
    4. The Industry Responds
    5. Summary
    6. Solutions Fast Track
  10. Chapter 2: Botnets Overview
    1. What Is a Botnet?
    2. The Botnet Life Cycle
    3. What Does a Botnet Do?
    4. Botnet Economics
    5. Summary
    6. Solutions Fast Track
  11. Chapter 3: Alternative Botnet C&Cs
    1. Introduction: Why Are There Alternative C&Cs?
    2. Historical C&C Technology as a Road Map
    3. DNS and C&C Technology
    4. Alternative Control Channels
    5. Web-Based C&C Servers
    6. Summary
    7. Solutions Fast Track
  12. Chapter 4: Common Botnets
    1. Introduction
    2. SDBot
    3. RBot
    4. Agobot
    5. Spybot
    6. Mytob
    7. Summary
    8. Solutions Fast Track
  13. Chapter 5: Botnet Detection: Tools and Techniques
    1. Introduction
    2. Abuse
    3. Network Infrastructure: Tools and Techniques
    4. Intrusion Detection
    5. Darknets, Honeypots, and Other Snares
    6. Forensics Techniques and Tools for Botnet Detection
    7. Firewall Logs
    8. Antivirus Software Logs
    9. Summary
    10. Solutions Fast Track
  14. Chapter 6: Ourmon: Overview and Installation
    1. Introduction
    2. Case Studies: Things That Go Bump in the Night
    3. How Ourmon Works
    4. Installation of Ourmon
    5. Summary
    6. Solutions Fast Track
  15. Chapter 7: Ourmon: Anomaly Detection Tools
    1. Introduction
    2. The Ourmon Web Interface
    3. A Little Theory
    4. TCP Anomaly Detection
    5. UDP Anomaly Detection
    6. Detecting E-mail Anomalies
    7. Summary
    8. Solutions Fast Track
  16. Chapter 8: IRC and Botnets
    1. Introduction
    2. Understanding the IRC Protocol
    3. Ourmon’s RRDTOOL Statistics and IRC Reports
    4. Detecting an IRC Client Botnet
    5. Detecting an IRC Botnet Server
    6. Summary
    7. Solutions Fast Track
  17. Chapter 9: Advanced Ourmon Techniques
    1. Introduction
    2. Automated Packet Capture
    3. Ourmon Event Log
    4. Tricks for Searching the Ourmon Logs
    5. Sniffing IRC Messages
    6. Optimizing the System
    7. Summary
    8. Solutions Fast Track
  18. Chapter 10: Using Sandbox Tools for Botnets
    1. Introduction
    2. Describing CWSandbox
    3. Examining a Sample Analysis Report
    4. Interpreting an Analysis Report
    5. Bot-Related Findings of Our Live Sandbox
    6. Summary
    7. Solutions Fast Track
    8. Notes
  19. Chapter 11: Intelligence Resources
    1. Introduction
    2. Identifying the Information an Enterprise/University Should Try to Gather
    3. Places/Organizations Where Public Information Can Be Found
    4. Membership Organizations and How to Qualify
    5. Confidentiality Agreements
    6. What to Do with the Information When You Get It
    7. The Role of Intelligence Sources in Aggregating Enough Information to Make Law Enforcement Involvement Practical
    8. Summary
    9. Solutions Fast Track
  20. Chapter 12: Responding to Botnets
    1. Introduction
    2. Giving Up Is Not an Option
    3. Why Do We Have This Problem?
    4. What Is to Be Done?
    5. A Call to Arms
    6. Summary
    7. Solutions Fast Track
  21. FSTC Phishing Solutions Categories
  22. Index