Android Malware And Botnet Analysis

Android Malware and Botnets
Malware in differing forms has been present since computers were first invented. One of the most interesting kinds of malware is that which takes control of a computer and reports back to the malicious actor that infected it. The malware allows an attacker to use the infected computer, effectively making the computer a bot. Normally, these bots are part of a network of infected computers known as a botnet. The attacker in control of a botnet can use it for a variety of purposes. One of the most common uses for a botnet is to perform distributed denial of service (DDoS) attacks, where the bots send massive amounts of web traffic to a single website and attempt to bring it down. Botnets can also be used to
Specifically, I used the JetBrains PyCharm IDE for development (PyCharm: Download Latest, 2016). I chose this due to its error checking of code and debugging capabilities. As already explained, initially the command and control server was to use sockets to communicate with clients. This did not pan out. Instead, I utilized the “http.server” library in Python (http.server--HTTP Servers, 2016). The class to handle HTTP requests was only a few lines of code which could easily be expanded to fit my needs. I focused mainly on the “do_post” function, as all requests were done via POST in HTTP. In addition to the communications, the command and control server would also need to keep track of clients and take command input from the user running the server. To handle commands, I created a simple while loop that prompts for input until the “exit” command is given. Behind this, I also created a list of valid commands to check for. To keep track of clients I utilized a dictionary of key-value pairs (Data Structures, 2016). The key would need to be unique to each individual device. UUIDs fit the bill here, so each device was identified by a UUID (Leach, Mealling, & Salz, 2005). The value in the dictionary had to be customized to store data for a client. Therefore, I created a class that could hold a variety of information regarding the client. The next step was to create the handlers for each command. I created a “connect” URL that clients visited the first time they connected to the botnet, a “checkin” URL that they check in to every 30 seconds, and a “fileupload” URL where the client sends a file and metadata to the server. After figuring out the communication methods, I determined simple commands that could be run. These will be listed in the results section. The next step was to implement timers to see when the client last checked in. On the
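The check-in pattern described above, a POST to a fixed URL every 30 seconds, is exactly the kind of periodic beaconing a network defender looks for in web-proxy logs. The script below is an added detection example, not code from the essay or its botnet: it runs over constructed, labelled log lines and flags POST streams from one client to one path whose inter-request gaps are nearly constant.

```python
"""Beacon detection over constructed web-proxy log lines (added example)."""
from collections import defaultdict
from datetime import datetime
import re
from statistics import mean, pstdev

# Constructed proxy log lines (timestamp, client IP, method, path). Not real data;
# 10.0.0.5 mimics a 30-second check-in, 10.0.0.9 mimics ordinary browsing.
SAMPLE_LOG = """\
2016-04-01T10:00:00 10.0.0.5 POST /connect
2016-04-01T10:00:30 10.0.0.5 POST /checkin
2016-04-01T10:01:00 10.0.0.5 POST /checkin
2016-04-01T10:01:30 10.0.0.5 POST /checkin
2016-04-01T10:02:00 10.0.0.5 POST /checkin
2016-04-01T10:02:30 10.0.0.5 POST /checkin
2016-04-01T10:00:07 10.0.0.9 GET /index.html
2016-04-01T10:01:41 10.0.0.9 POST /login
2016-04-01T10:09:12 10.0.0.9 GET /news
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+)$")

def parse_log(text):
    """Yield (timestamp, client, method, path) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.fromisoformat(m.group(1))
            yield ts, m.group(2), m.group(3), m.group(4)

def find_beacons(text, min_hits=4, max_jitter=2.0):
    """Return {(client, path): interval_seconds} for POST streams that
    recur at a near-constant interval (low standard deviation of gaps).
    min_hits and max_jitter are tunable thresholds chosen for this example."""
    series = defaultdict(list)
    for ts, client, method, path in parse_log(text):
        if method == "POST":
            series[(client, path)].append(ts)
    beacons = {}
    for key, stamps in series.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if pstdev(gaps) <= max_jitter:
            beacons[key] = round(mean(gaps))
    return beacons

if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))  # {('10.0.0.5', '/checkin'): 30}
```

On real logs the jitter threshold should be widened, since many implants randomise the check-in delay slightly to evade exactly this kind of check.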
