Botnet Life-Cycle

Description:

• ACM Computing Surveys (CSUR)
• 2013 - Survey and Taxonomy of Botnet Research through Life-Cycle
• Rafael A. Rodríguez-Gómez, Gabriel Maciá-Fernández, Pedro García-Teodoro
• http://dl.acm.org/citation.cfm?id=2501654.2501659

Stages and complementary mechanisms of the proposed botnet life-cycle:

1. Botnet conception.
   

   This is the first stage in any botnet life-cycle. The motivation for creating a botnet is an essential element that will directly affect its design and implementation. Diverse reasons might underlie a developer’s decision to generate a botnet. Its main design characteristics are defined in this stage, and these are obviously influenced by the specific purpose intended for the botnet.

   
2. Botnet recruitment
   

   Once a botnet is conceived and created, there is a need for individual bots. Thus, a botmaster must recruit conventional hosts as members of the botnet.

3. Botnet interaction
   

   This stage involves two different processes. First, infected bots must be registered with the botnet in order to incorporate its dynamics and functioning. Second, there must be a communication framework supporting the operation and maintenance of the botnet, so that the botmaster may keep in contact with the different bots. These communications are mainly supported by a C&C channel. The information exchanged is constituted of orders (from the botmaster to the bots) and maintenance operations (code updating, membership accounting, etc.).

   
4. Botnet marketing
   

   Although the most common motivation for a developer to initiate the design and implementation of a botnet is to obtain monetary profit, there are many other possible reasons, including ego, specific cause, entrance to social groups, etc. Whatever the motivations, there is a marketing stage during which the botnet must be publicized; the developer needs to convey the advantages and capabilities of the botnet in a relevant forum in order to cede its use to clients and thus profit from it.

5. Attack execution
   

   In this stage, the botmaster orders the bots to perform an attack. As stated before, one of the main features of botnets is the huge number of bots recruited to carry out the malicious activities. Therefore, botnets are effective weapons for launching attacks that require a large number of hosts: DDoS, spam, click fraud, and phishing, among others.

6. Attack success
   

   The ultimate goal of a botnet is to successfully execute the attack for which it was designed.