What is it? @.@

Here is the place where I record some tactics about wargames, systems, and other security issues.

2014-02-04

Temporal evolution of botnets and their C&C protocols

Description:
Botnets and their protocols:

References:
  • POINTER, R. 1993. Home page of eggdrop botnet. http://s23.org/wiki/Eggdrop. [Eggdrop]
  • BARFORD, P. AND YEGNESWARAN, V. 2007. An inside look at botnets. In ARO-DHS Special Workshop on Malware Detection, Advances in Information Security Series, vol. 27, Springer, 171–191. [GT-Bot][Agobot][SDBot][SpyBot]
  • BACHER, P., HOLZ, T., KOTTER, M., AND WICHERSKI, G. 2008. Know your enemy: Tracking botnets. Tech. rep., The Honeynet Project. October. http://www.honeynet.org/book/export/html/50. [GT-Bot][Agobot][SDBot]
  • LIU, J., XIAO, Y., GHABOOSI, K., DENG, H., AND ZHANG, J. 2009. Botnet: Classification, attacks, detection, tracing, and preventive measures. EURASIP J. Wirel. Comm. Netw. 2009, 1. [SpyBot]
  • STEWART, J. 2004a. Bobax trojan analysis. Tech. rep., SecureWorks. http://www.secureworks.com/research/threats/bobax/. [Bobax]
  • STEWART, J. 2010. Zeus banking trojan report. Tech. rep., SecureWorks. http://www.secureworks.com/cyber-threat-intelligence/threats/zeus/. [ZeuS]
  • STONE-GROSS, B., COVA, M., GILBERT, B., KEMMERER, R., KRUEGEL, C., AND VIGNA, G. 2011. Analysis of a botnet takeover. IEEE Secur. Privacy 9, 1, 64–72. [Torpig]
  • NAZARIO, J. 2009. Twitter-based botnet command channel. Tech. rep., Arbor SERT. August. http://ddos.arbornetworks.com/2009/08/twitter-based-botnet-command-channel/. [Twetbot]
  • ARCE, I. AND LEVY, E. 2003. An analysis of the slapper worm. IEEE Secur. Privacy Mag. 1, 1, 82–87. [Slapper]
  • STEWART, J. 2009. Sinit p2p trojan analysis. Tech. rep., SecureWorks. http://www.secureworks.com/research/threats/sinit/. [Sinit]
  • STEWART, J. 2004b. Phatbot trojan analysis. Tech. rep., SecureWorks. http://www.secureworks.com/research/threats/phatbot/. [Phatbot]
  • STOVER, S., DITTRICH, D., HERNANDEZ, J., AND DIETRICH, S. 2007. Analysis of the storm and nugache trojans: P2P is here. USENIX 32, 6, 46–63. [Nugache][Storm Worm] (also known as Peacomm)
  • GRIZZARD, J. B., SHARMA, V., NUNNERY, C., KANG, B. B., AND DAGON, D. 2007. Peer-to-peer botnets: Overview and case study. In Proceedings of the 1st Conference on the 1st Workshop on Hot Topics in Understanding Botnets. USENIX Association, Berkeley, CA, 1–8. [Storm Worm] (also known as Peacomm)
  • HOLZ, T., STEINER, M., DAHL, F., BIERSACK, E., AND FREILING, F. 2008b. Measurements and mitigation of peer-to-peer-based botnets: A case study on storm worm. In Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET’08). USENIX Association, 1–9. [Storm Worm] (also known as Peacomm)
  • CALVET, J., DAVIS, C., AND BUREAU, P.-M. 2009. Malware authors don’t learn, and that’s good! In Proceedings of the 4th International Conference on Malicious and Unwanted Software (MALWARE’09). 88–97. [Waledac]
  • IL JANG, D., KIM, M., CHUL JUNG, H., AND NOH, B.-N. 2009. Analysis of HTTP2P botnet: Case study waledac. In Proceedings of the 9th Malaysia International Conference on Communications (MICC’09). 409–412. [Waledac]
  • SINCLAIR, G., NUNNERY, C., AND KANG, B.-H. 2009. The waledac protocol: The how and why. In Proceedings of the 4th International Conference on Malicious and Unwanted Software (MALWARE’09). 69–77. [Waledac]
  • LEDER, F., WERNER, T., AND MARTINI, P. 2009. Proactive botnet countermeasures an offensive approach. In Proceedings of the 1st Conference on Cyber Warfare (CCDECEO’09). [Conficker]
  • SHIN, S. AND GU, G. 2010. Conficker and beyond: A large-scale empirical study. In Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC’10). ACM Press, New York, 151–160. [Conficker]
  • CHIEN, E. 2010. W32.stuxnet dossier. Tech. rep., Symantec. September. http://www.symantec.com/connect/blogs/w32stuxnet-dossier. [Stuxnet]
  • RODIONOV, E. AND MATROSOV, A. 2011. The evolution of tdl: Conquering x64. Tech. rep., ESET. June. http://go.eset.com/us/resources/white-papers/The Evolution of TDL.pdf. [TDL4]
  • ABUSE.CH 2011. Zeus gets more sophisticated using P2P techniques. Tech. rep. http://www.abuse.ch/?p=3499. [ZeuS]
