Waledac Botnet - Deployment and Communication Analysis
(Publication) Google search: [1]
| Waledac Botnet - Deployment and Communication Analysis | |
|---|---|
| |
| Botnet | Waledac |
| Malware | Waledac |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2009 / |
| Editor/Conference | Fortinet |
| Link | http://www.fortiguard.com/analysis/waledacanalysis.html Fortinet Article (Fortinet Article Archive copy) |
| Author | Kyle Yang, Derek Manky |
| Type | |
Abstract
“ Historically, Botnets have used IRC (Internet Relay Chat) for control. This has a critical drawback, which is its server/client architecture. We could find the server/RP (Rendezvous Point) easily since it’s really hard to hide them based on their server/client model. As a result of this architecture, the entire Botnet will be stopped if we take down the server/RP. In recent years, Botnets have moved to use P2P technology. One of the most remarkable examples is the Storm Botnet, which was prevalent in 2007. At the time, it was the world's most active and infamous Botnet, with a sophisticated C&C channel which created a high impact on spam sent worldwide. Waledac enhanced its predecessor by abandoning the server/client model, moving forward to use P2P to control its bots. The P2P architecture performs as a protector/shield of the server/RP in an effort to hide them from being found. This also allows the “controller” to control the Bots completely decentralized. Waledac's main purpose is to send spam, usually by taking advantage of many real-world events - social engineering that tricks users into downloading copies of itself or other malicious executables. Notable Waledac spam campaigns include Valentine's day, Obama presidency, The "Couponizer", 4th of July, and Bomb Scares.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2009BFR821,
editor = {Fortinet},
author = {Kyle Yang, Derek Manky},
title = {Waledac Botnet - Deployment and Communication Analysis},
date = {02},
month = May,
year = {2009},
howpublished = {\url{http://www.fortiguard.com/analysis/waledacanalysis.html Fortinet Article}},
}