Botnet Detection and Removal

A Botnet is a network of internet-connected computers, called bots, that are under the control of a Botmaster.
Botnets were initially designed for big business but are generally used for malicious purposes, and can be controlled using the IRC and HTTP network protocols. Bots were initially developed as virtual individuals that sit in an IRC channel and perform tasks.
After the first release, a few worms, like Trojan horse programs obtained while downloading files, exploited IRC clients and thus infected computers.
These infected computers are called bots and are used to steal passwords, log keystrokes and act as proxy servers to conceal the attacker's identity. Recruitment: computers are recruited into Botnets by running malicious software. The Botmaster's command and control takes place through a C&C server.

Bots run as hidden processes and use a covert channel to communicate with their C&C server.
The process of stealing computing resources as a result of systems being joined to a Botnet is referred to as scrumping.

The most commonly used Botnet technologies vary among star, multi-server, hierarchical and random modes.
Conficker is an example of a Botnet.

Formation and exploitation
A Botnet operator sends out viruses or worms (bots).
The bot on an infected PC logs into a particular C&C server.
A spammer purchases the services of the Botnet from the operator.
The spammer provides spam messages to the operator, who instructs the compromised machines via the IRC server, causing them to send out spam messages.

Botnets are exploited for various purposes, including denial of service (DoS) attacks, creation or misuse of SMTP mail relays, and the theft of application serial numbers, login IDs, and financial information such as credit card numbers.

Botnet Removal / Prevention
Run scans every week. Passive OS fingerprinting can identify attacks originating from a Botnet. Network administrators can configure newer firewall equipment to take action on a Botnet attack by using information obtained from passive OS fingerprinting.
Host-based techniques use antivirus software to prevent Botnet attacks.
Also run Trend Micro's RUBotted tool or a similar prevention program to safely remove your PC from the Botnet.
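
The passive OS fingerprinting mentioned above works by reading header fields of packets a host sends anyway, without probing it. The following Python code is an added example, not part of the original abstract: it extracts the TTL, window size, MSS and TCP option layout from a raw IPv4 TCP SYN and matches them against a table. The two-entry signature table, the sample packets and all names are constructed for illustration.

```python
import struct

# Constructed two-entry signature table (assumption, not a real tool's database):
# (initial TTL, TCP option layout) -> OS family guess.
SIGNATURES = {(64, "mss,sok,ts,nop,ws"): "Linux-like",
              (128, "mss,nop,ws,nop,nop,sok"): "Windows-like"}
OPT_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sok", 8: "ts"}

# Constructed sample SYNs (checksums zeroed; they are not validated here).
LINUX_SYN = bytes.fromhex(
    "4500003c00014000390600000a0000050a000001"
    "c35000500000000100000000a002721000000000"
    "020405b40402080a0000000100000000" "01030307")
WINDOWS_SYN = bytes.fromhex(
    "4500003400024000790600000a0000060a000001"
    "c351005000000001000000008002faf000000000"
    "020405b4010303080101" "0402")

def initial_ttl(ttl):
    """Round an observed TTL up to the nearest common initial TTL."""
    return next(g for g in (32, 64, 128, 255) if ttl <= g)

def fingerprint_syn(packet):
    """Extract passive fingerprint features from one raw IPv4 TCP SYN."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp = packet[(packet[0] & 0x0F) * 4:]      # skip the IP header (IHL words)
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    off_flags, window = struct.unpack("!HH", tcp[12:16])
    data_off = (off_flags >> 12) * 4
    if off_flags & 0x12 != 0x02 or not 20 <= data_off <= len(tcp):
        raise ValueError("not a well-formed initial SYN")
    opts, layout, mss, i = tcp[20:data_off], [], None, 0
    while i < len(opts) and opts[i] != 0:      # kind 0 = end of option list
        kind = opts[i]
        layout.append(OPT_NAMES.get(kind, "?%d" % kind))
        if kind == 1:                          # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or not 2 <= opts[i + 1] <= len(opts) - i:
            raise ValueError("malformed TCP option")
        if kind == 2 and opts[i + 1] == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    ttl0, layout = initial_ttl(packet[8]), ",".join(layout)
    return {"ttl": ttl0, "window": window, "mss": mss, "layout": layout,
            "os": SIGNATURES.get((ttl0, layout), "unknown")}
```

Calling `fingerprint_syn(LINUX_SYN)` or `fingerprint_syn(WINDOWS_SYN)` returns the extracted features and the table's OS guess; packets that are not initial SYNs or carry malformed options raise `ValueError`.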


We prepared and published this seminar abstract for final-year engineering students' seminar research. You should do your own research in addition to this information before presenting your seminar.
Please include "Reference: Collegelib.com" and link back to this page in your work.