
The Jungle of the Web - A Way to Survive by Detecting Fast Flux Botnets

Abstract

The World Wide Web exceeded one trillion pages in 2008. It is estimated that one in ten pages contains malware such as computer viruses, worms, trojan horses, spyware, crimeware, or other malicious software. This has made the WWW the biggest crime scene ever observed.

The development of the World Wide Web is an evolution. Cybercrime has become more diverse and sophisticated, but the methods of protecting against it have also come a long way since the beginning of the WWW. This arms race is growing rapidly, and there is still much to do, especially on the bright side.

This talk goes through the various types of malware and the different methods used to spread it, together with state-of-the-art detection approaches. Our focus is on a DNS technique called fast flux, which botnets use to hide phishing and malware delivery sites. We present an algorithm and a Java tool to detect fast flux domains. The tool has been developed in the course of the HoneySpider Network project, which aims to develop a complete client honeypot system with the primary focus on attacks against, or involving the use of, Web browsers. The fast flux detector tool is provided as a standalone application as well as a Firefox plugin. More plugins that will help identify malicious web sites are to be released this year. These include an ICAP client and a web page analyser that uses static and dynamic analysis techniques to discover malicious software.

Speakers

Jarosław Jantura is a Senior Software Engineer at NASK, Research and Academic Computer Network. He graduated with a master's degree in Computer Science from Kielce University of Technology. After two years as a lecturer, he moved to industry, starting with C, C++, and Objective-C and then moving to Java. At NASK he specializes in security and large-scale computing, including virtualization techniques, grids, and general-purpose computation on graphics hardware.

Patrycja Wegrzynowicz is the Head of the Software R&D Department at NASK, Research and Academic Computer Network. At NASK she shapes the future direction of technological research in software and acts as chief architect and consultant on projects in the fields of Internet domain names and DNS, Internet security, and large-scale digital archives together with semantic search. Patrycja holds a master's degree in Computer Science and is currently finalizing her PhD at Warsaw University. Her academic interests are focused on language semantics and automated software engineering, particularly on static and dynamic analysis techniques to support program validation, verification, and comprehension.

View talk on Parleys.com

