Android Malware And Botnet Analysis

Android Malware and Botnets
Malware in differing forms has been present since computers were first invented. One of the most interesting kinds of malware is that which takes control of a computer and reports back to the malicious actor that infected the computer. The malware allows an attacker to use the infected computer, effectively making the computer a bot. Normally, these bots are part of a network of infected computers known as a botnet. The attacker in control of a botnet can use it for a variety of purposes. One of the most common uses for a botnet is to perform distributed denial of service attacks (DDoS), where the bots send massive amounts of web traffic to a single website and attempt to bring it down. Botnets can also be used to
Specifically, I used the JetBrains PyCharm IDE for development (PyCharm: Download Latest, 2016). I chose it for its code error checking and debugging capabilities. As already explained, the command and control server was initially going to use sockets to communicate with clients. This did not pan out. Instead, I utilized the “http.server” library in Python (http.server--HTTP Servers, 2016). The class that handles HTTP requests was only a few lines of code, which could easily be expanded to fit my needs. I focused mainly on the “do_POST” method, as all requests were made via HTTP POST. In addition to communications, the command and control server also needed to keep track of clients and take command input from the user running the server. To handle commands, I created a simple while loop that prompts for input until the “exit” command is given; behind this, I also created a list of valid commands to check against. To keep track of clients I used a dictionary of key-value pairs (Data Structures, 2016). The key needed to be unique to each individual device; UUIDs fit the bill, so each device was identified by a UUID (Leach, Mealling, & Salz, 2005). The value in the dictionary had to be customized to store data for a client, so I created a class that could hold a variety of information about the client. The next step was to create the handlers for each command. I created a “connect” URL that clients visited the first time they connected to the botnet, a “checkin” URL that they check in to every 30 seconds, and a “fileupload” URL where the client sends a file and its metadata to the server. After settling on the communication methods, I determined simple commands that could be run; these are listed in the results section. The next step was to implement timers to see when each client last checked in. On the
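The check-in behaviour described above, a POST to a fixed URL from every client every 30 seconds, is exactly the kind of periodic beaconing a defender looks for in web-server or proxy logs. The following beacon-periodicity detector is an added example, not code from the essay or its project; the log format, IP addresses, paths and timestamps are constructed for illustration.

```python
"""Beacon detection over a constructed web-server access log (added example,
not the essay's code). The essay's clients POST to a "checkin" URL every 30
seconds; that fixed period is the defender's signal. Requests are grouped by
(client, path) and a series whose gaps cluster tightly is flagged as a beacon."""
import re
import statistics
from collections import defaultdict
from datetime import datetime
# Constructed sample: one periodic check-in client, one ordinary API user.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2016:12:00:30 +0000] "POST /checkin HTTP/1.1" 200 12
10.0.0.5 - - [01/Mar/2016:12:01:00 +0000] "POST /checkin HTTP/1.1" 200 12
10.0.0.5 - - [01/Mar/2016:12:01:30 +0000] "POST /checkin HTTP/1.1" 200 12
10.0.0.5 - - [01/Mar/2016:12:02:00 +0000] "POST /checkin HTTP/1.1" 200 12
10.0.0.7 - - [01/Mar/2016:12:00:03 +0000] "POST /api/search HTTP/1.1" 200 900
10.0.0.7 - - [01/Mar/2016:12:00:41 +0000] "POST /api/search HTTP/1.1" 200 900
10.0.0.7 - - [01/Mar/2016:12:03:15 +0000] "POST /api/search HTTP/1.1" 200 900
10.0.0.7 - - [01/Mar/2016:12:03:19 +0000] "POST /api/search HTTP/1.1" 200 900
"""
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(log_text):
    """Yield (client, timestamp, method, path) for each parsable line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            client, ts, method, path = m.groups()
            yield client, datetime.strptime(ts, TS_FMT), method, path

def find_beacons(log_text, min_hits=4, max_jitter=0.1):
    """Return {(client, path): period_s} for POST series with near-constant gaps."""
    series = defaultdict(list)
    for client, ts, method, path in parse(log_text):
        if method == "POST":
            series[(client, path)].append(ts)
    beacons = {}
    for key, times in series.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        median = statistics.median(gaps)
        # Flag only if every gap sits within max_jitter (fraction) of the median.
        if median > 0 and max(abs(g - median) for g in gaps) <= max_jitter * median:
            beacons[key] = median
    return beacons

if __name__ == "__main__":
    for (client, path), period in find_beacons(SAMPLE_LOG).items():
        print(f"{client} beacons to {path} every {period:.0f}s")
```

Real clients may add jitter or vary their path, so the tolerance and grouping key are the knobs to tune against a baseline of known-benign traffic.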
