Aditya K. Sood
Third Generation Botnets (TGBs) have subverted the normal workings of the World Wide Web. These botnets harness the HTTP communication model to carry out their stealthy operations. To automate exploit distribution for infecting users on a large scale, TGBs are collaborating with Browser Exploit Packs (BEPs). TGBs such as Zeus, SpyEye, and the present-day botnet ICEX explicitly use BEPs such as BlackHole and Phoenix for insidious infections, and several large-scale infections have been seen in the recent past. Additionally, TGBs are designed with sophisticated attack techniques such as form grabbing, Ruskill, web injects (WI), web fakes (WF), DNS tampering, and other custom plug-ins to steal information; these techniques are heavily relied upon in the Man in the Browser (MitB) paradigm. Their infection strategies include programs such as spreaders, which infect other software to conduct drive-by-download and drive-by-cache attacks. This talk delves deep into the design of present-day malware and the advancements in attack techniques and infection strategies, and it is the outcome of real-time case studies. Several demos will be shown to back up the arguments.