Botnet Detector for Home PC (P-0552) (MFN 3576)

Abstract

Malware is the center point of cyber-attacks and fraudulent activities on the internet. Using malware the attacker can build its own network of occupied PC’s which are then used to extract crucial data. The attacker is usually called the “Botmaster” and the PC’s combined make a “Botnet”. The program which is loaded on these PC’s to attain remote control is called “Bot”. A Bot steals credentials and time cycles from the computer it is running on and forward it to the botmaster. The vulnerability of bots due to which they cannot easily be detected is that they run on the startup of mebroot before OS loads. Due to this property these bots cannot be detected by ordinary antiviruses since they start operating after OS loads. On Aug 4 2010 a research result indicated that a widely used Zeus V2 botnet has enslaved about 100,000 PC’s alone in UK. Another research revealed Zeus ‘Mumba’ botnets have harvested about 60GB of confidential data. Another popularly used bot ‘Torpig’ 10 days analysis revealed that it has populated almost 180 thousand PC’s and harvested about 80GB data during the tenure. These analyses revealed the speed with which these bot populated themselves and the extent of data they can harbor. As the above mentioned trends highlight the area of damage this malicious code can incur it is vital to counter it. Thus firstly a filter is required to distinguish between the malicious and normal incoming traffic for a PC then a sophisticated and efficient counter actions are in need.