Study on Advanced Botnet Based on Publicly Available Resources

摘要

In recent years, botnets continue to be an ever-increasing threat on the Internet. To be well prepared for future attacks and ensure the cyberspace security, defenders take more attention on advanced botnet designs that could be used by botmasters. In this paper, we design an advanced botnet based on publicly available resources, and implement its prototype system, which is named as PR-Bot. First of all, in terms of system design, PR-Bot is completely constructed based on the third-party publicly available resources and supports the bidirectional communication between the control end and the controlled end. At the same time, the system's command and control (C&C) channel consists of three sub-channels: command control channel (CC channel), command addressing (CA channel) and result feedback (RF channel), making it extremely robust and concealed. Secondly, in terms of defense technology, this paper proposes the targeted defense strategies from the perspective of detection, measurement and tracking, so as to achieve the goal of combating against such botnets. In short, the ultimate purpose of this paper is not to design a highly harmful botnet, but to accurately predict the techniques that the botnet may adopt in the future and assess its new threats from the point of attack and defense.