6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Ivan Burke and Renier van Heerden<br />
First, we defined the four key components of a Botnet. We then provided examples of how these<br />
components can be mimicked by Cloud services and specifically by Google’s gadget API and how<br />
they match the Cloud security threats identified by Hubbard. The API was capable of reproducing<br />
each of the components functionality, to a limited degree with very little alteration of freely available<br />
web resources.<br />
We combined these components to form a simple but working botnet. Although limited in scope, a<br />
simple DDoS attack was achieved by using Google servers as the attacking computers. The current<br />
botnets concentrate on using personal and corporate computers, but as they are moving into the<br />
cloud computing, the botnets will follow.<br />
We identified several weak points in our current design and identified some possible areas for future<br />
development of Cloud botnet research. This is still a rather new field and as such this paper hopes to<br />
serve as a possible point of reference for future work.<br />
References<br />
Banks, S. & Strytz, M., 2007. Bot armies: an introduction. [Online] SPIE Available at:<br />
http://spie.org/x15000.xml?ArticleID=x15000 [Accessed 10 October 2010].<br />
Bullock, D., 2010. IP Address Geolocation JSON API. [Online] Available at:<br />
http://ipinfodb.com/ip_location_api_json.php [Accessed 8 October 2010].<br />
Cabri, R., 2007. Spyjax - Your browser history is not private! [Online] Available at:<br />
http://www.techtalkz.com/news/Security/Spyjax-Your-browser-history-is-not-private.html [Accessed 7<br />
October 2010].<br />
Denis, B., 2008. Anatomy of the Asprox Botnet. [Online] VeriSign Available at:<br />
http://xylibox.free.fr/AnatomyOfTheASPROXBotnet.pdf [Accessed 30 September 2010].<br />
Engate, 2009. Defending your network from Botnet threat. [Online] Engate Available at:<br />
http://ns1.happynet.com/images/datasheets/Engate_whitepaper.pdf [Accessed 9 October 2010].<br />
Eston, T., 2010. DigiNinja. [Online] Available at: http://www.digininja.org/ [Accessed 5 October 2010].<br />
Felix, F.C., Thorsten, H. & Wicherski, G., 2005. Botnet Tracking: Exploring a Root-Cause Methodology to Prevent<br />
Distributed Denial-of-Service Attacks. Computer Security – ESORICS 2005, 3679, pp.319-15.<br />
Garner, 2008. Gartner Says Cloud Computing Will Be As Influential As E-business. Garner Inc. Stamfort: Garner<br />
Inc.<br />
Google Gadgets API, 2009. Working with Remote Content. [Online] Google Available at:<br />
http://code.google.com/apis/gadgets/docs/remote-content.html [Accessed 7 October 2010].<br />
Google Webmaster Central, 2010. Feedfetcher. [Online] Google Available at: "<br />
http://www.google.com/support/webmasters/bin/answer.py?hl=en&answer=178852 [Accessed 3 October<br />
2010].<br />
Hansen, R. & Stracener, T., 2008. Xploiting Google Gadgets: Gmalware and beyond. [Online] Available at:<br />
http://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-stracener-hansen.pdf [Accessed 3<br />
October 2010].<br />
Hashemian, R.V., 2005. JavaScript Visitor IP Address and Host Name. [Online] Available at: I:\JavaScript Visitor<br />
IP Address and Host Name.mht [Accessed 3 October 2010].<br />
Hubbard, D. et al., 2010. Top Threats to Cloud Computing V1.0. Cloud Security Alliance.<br />
Kiefer, K.P., 2004. Background on Operation Web Snare. [Online] Available at:<br />
http://www.justice.gov/criminal/fraud/documents/reports/2004/websnare.pdf [Accessed 3 December 2010].<br />
Kortchinsky, K., 2009. Black Hat. [Online] Immunity, Inc. Available at: http://www.blackhat.com/presentations/bhusa-09/KORTCHINSKY/BHUSA09-Kortchinsky-Cloudburst-SLIDES.pdf<br />
[Accessed 16 November 2010].<br />
MacManus, R., 2008. Read Write Web. [Online] Available at:<br />
http://www.readwriteweb.com/archives/survey_48_of_bank_customers_wa.php [Accessed 6 October 2010].<br />
Ollmann, G., 2009. A Botnet by Any Other Name. [Online] Available at:<br />
http://www.securityfocus.com/columnists/501 [Accessed 11 October 2010].<br />
Peterson, V., 2009. Social Design Best Practices. [Online] Available at:<br />
http://wiki.opensocial.org/index.php?title=Social_Design_Best_Practices [Accessed 3 October 2010].<br />
Rutkowska, J., 2008. Black Hat. [Online] Coseinc Available at: http://www.blackhat.com/presentations/bh-usa-<br />
06/BH-US-06-Rutkowska.pdf [Accessed 16 November 2010].<br />
Stracene, T., 2008. Securing Widgets and Gadgets in the Web 2.0 World. [Online] Available at:<br />
http://blog.cenzic.com/public/blog/208285 [Accessed 6 October 2010].<br />
Vamosi, R., 2008. CNET News. [Online] Available at: http://news.cnet.com/8301-10789_3-10040669-57.html<br />
[Accessed 2 October 2010].<br />
Wang, A., 2009. Javascript Obfuscator . [Online] Available at: http://www.javascriptobfuscator.com/Default.aspx<br />
[Accessed 12 October 2010].<br />
41