Characterisation of the Kelihos.B Botnet

Abstract: Botnets are organized networks of infected computers that are used for malicious purposes. An example is Kelihos.B, a botnet of the Kelihos family used primarily for mining bitcoins, sending spam and stealing bitcoin wallets. A large part of the Kelihos.B botnet was sinkholed in early 2012, and since then bots have been sending requests to controlled servers. In this paper, we analyze and characterize the behavior of Kelihos.B. Our analysis is based on the log file of bot requests logged at the sinkhole from March 2012 to early November 2013. We investigate both the overall characteristics of the botnet and its evolution over time since the sinkholing. Our results indicate that, although this trend is decreasing, there are possibly still newly infected bots even more than a year after the original sinkholing.
Document type: Conference paper
Anna Sperotto; Guillaume Doyen; Steven Latré; Marinos Charalambides; Burkhard Stiller. 8th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jun 2014, Brno, Czech Republic. Springer, Lecture Notes in Computer Science, LNCS-8508, pp.79-91, 2014, Monitoring and Securing Virtualized Networks and Services. 〈10.1007/978-3-662-43862-6_11〉

Cited literature: 13 references

https://hal.inria.fr/hal-01401294
Contributor: Hal Ifip
Submitted on: Wednesday, November 23, 2016 - 10:24:36
Last modified on: Wednesday, November 23, 2016 - 10:39:55
Document(s) archived on: Monday, March 20, 2017 - 19:46:30

File

978-3-662-43862-6_11_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Max Kerkers, José Santanna, Anna Sperotto. Characterisation of the Kelihos.B Botnet. Anna Sperotto; Guillaume Doyen; Steven Latré; Marinos Charalambides; Burkhard Stiller. 8th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jun 2014, Brno, Czech Republic. Springer, Lecture Notes in Computer Science, LNCS-8508, pp.79-91, 2014, Monitoring and Securing Virtualized Networks and Services. 〈10.1007/978-3-662-43862-6_11〉. 〈hal-01401294〉
