Malware analysis from DDoS agents to bots and more
Sven Dietrich
Carnegie Mellon University / Software Engineering Institute
Thursday, March 8, 11:00AM
Babbio Center, Room 202
Stevens Institute of Technology
Abstract
Distributed intruder attack tools (from the early distributed denial of service handler/agent programs to IRC-based bots) have suffered from a major weakness that resulted in their takeover or takedown. That weakness was a detectable command and control channel that exposed the entire network and/or the attackers' own commands. We discuss the communication techniques of DDoS malware, evolving from simple to sophisticated since the first major attacks in 1999, outline the challenges for network defenders, and describe some of the analysis techniques (and systems) used to discover the malware's mission and capabilities.