Botnet Reverse Engineering and Call Sequence Recovery

The focus on computer security has increased due to the ubiquitous use of the Internet. Criminals abuse the anonymous and insidious traits of the Internet to commit monetary online fraud, theft and extortion. Botnets are the prominent vehicle for committing online crimes. They provide a platform for a botm...

Bibliographic Details
Main Author: Sinha, Prosenjit
Format: Others
Published: 2011
Online Access: http://spectrum.library.concordia.ca/7083/1/Sinha_MCompSc_S2012.pdf
Sinha, Prosenjit <http://spectrum.library.concordia.ca/view/creators/Sinha=3AProsenjit=3A=3A.html> (2011) Botnet Reverse Engineering and Call Sequence Recovery. Masters thesis, Concordia University.
id ndltd-LACETR-oai-collectionscanada.gc.ca-QMG.7083
record_format oai_dc
spelling 2013-10-22T03:44:36Z 2011-02-17 Thesis NonPeerReviewed application/pdf http://spectrum.library.concordia.ca/7083/
collection NDLTD
format Others
sources NDLTD
description The focus on computer security has increased due to the ubiquitous use of the Internet. Criminals abuse the anonymous and insidious traits of the Internet to commit monetary online fraud, theft and extortion. Botnets are the prominent vehicle for committing online crimes. They provide a platform for a botmaster to control a large group of infected Internet-connected computers. The botmaster exploits this large group of connected computers to send spam, commit click fraud, install adware/spyware, flood specific networks from distributed locations, host phishing sites and steal personal credentials. All these activities pose a serious threat to individuals and organizations. Furthermore, the situation demands more attention since the research and development of the underground criminal industry is faster than that of the security research industry. To cope with the ever-growing botnet threats, security researchers as well as Internet users need awareness of the recent trends and techniques of botnets. In this thesis, we analyze in depth, by reverse engineering, two prominent botnets, namely Mariposa and Zeus. The findings of the analysis may foster the knowledge of security researchers in multiple dimensions to deal with the botnet issue. To enhance the abstraction and visualization techniques of reverse engineering, we develop a tool which is used for a detailed outlook of call sequences.