6th European Conference - Academic Conferences
Who Needs a Botnet if you Have Google?
Ivan Burke and Renier van Heerden
Council for Scientific and Industrial Research, Pretoria, South Africa
IBurke@csir.co.za
RvHeerden@csir.co.za
Abstract: Botnets have become a growing threat to networked operations in recent years. They disrupt services and communications of vital systems. This paper gives an overview of the basic anatomy of a Botnet and its modus operandi. We present a Proof of Concept of how Google gadgets may be exploited to achieve these basic components of a Botnet. We do not provide a full-fledged Botnet implementation but merely mimic its functionality through the Google Gadget API. Our goal was to have Google act as a proxy agent to mask our attack sources, establish a Command and Control structure between Bots and Botherders, launch attacks and gather information, while at the same time maintaining some degree of stealth so as not to be detected by users.
Keywords: Botnet; Google Gadget; Command and Control; DDoS
1. Introduction
A Botnet is a collection of compromised computers or agents that are infected by malware. These agents use sophisticated command and control techniques to execute complex and distributed network attacks. Agents are usually unaware that they have been compromised and are partaking in these attacks. They are often controlled by external agents known as Botherders or master agents (Banks 2007, Vamosi 2008).
According to Steward (in Vamosi, 2008), the techniques used by large Botnets such as Storm are available online, but a Botnet is more than the sum of its parts. What makes a Botnet successful is combining all these components into a coherent structure.
Stracener (2008) states that future malware will run on the internet instead of on standalone computers. His premise is that, as the modern computer infrastructure moves closer to a networked cluster or cloud, so too will the threats to these infrastructures. He raises concerns about malicious gadgets and key vulnerabilities related to gadgets. A study conducted by WorkLight Inc. (in MacManus, 2008) found that 48% of internet bank users, ages 18-34, would use secure third-party Web 2.0 gadgets for their personal banking if their banks did not provide them with such functionality. This would imply that the users would be able to make an informed decision about what it means to identify a Web 2.0 gadget as being secure.
Stracener's concerns are echoed by the Cloud Security Alliance in their paper (Hubbard et al., 2010). They identify seven key threats to Cloud computing security:
Abuse and nefarious use of cloud computing
Insecure interfaces and APIs
Malicious insiders
Shared technology issues
Data loss or leakage
Account or service hijacking
Unknown risk profile
In this paper we demonstrate a rudimentary Botnet construct by exploiting Google services to host our Botnet. We investigate the core components of a Botnet and then attempt to mimic the components using the Google Gadget API. It is not the goal of this paper to illustrate the weaknesses in a specific API but rather to illustrate the danger of user-generated content on the World Wide Web. Our aim is to prove that online services can be organized into a botnet-like structure.
The Google Gadgets API is designed for rapid development of small web-based utility applications such as calendars, currency converters and news feed readers (Peterson, 2009). By adding the OpenSocial API to a Google gadget, one can enhance shared gadget interaction and extend one's gadget to the Social Media domain.