Proposal / Submission Type
Peer Reviewed Paper
Location
Henderson Welcome Center
Start Date
15-5-2017 10:00 AM
Abstract
This paper investigates the recent behavior of the Kelihos botnet, a spam-sending botnet that accounts for many millions of emails sent each day. The paper demonstrates how a team of students is able to perform a longitudinal malware study, making significant observations and contributions to the understanding of a major botnet using tools and techniques taught in the classroom. From this perspective the paper has two objectives: encouragement and observation. First, by providing insight into the methodology and tools used by student researchers to document and understand a botnet, the paper strives to embolden other academic programs to follow a similar path and to encourage such discovery. Second, the paper shares observations and insights gathered about the botnet's recent spam activity, showing evidence of the "spam as a service" model and demonstrating a variety of unique and dangerous spam campaigns conducted via the Kelihos botnet, including banking trojans, credential phishing, and ransomware attacks.
Scholarly Commons Citation
Arora, Arsh; Gannon, Max; and Warner, Gary, "Kelihos Botnet: A Never-Ending Saga" (2017). Annual ADFSL Conference on Digital Forensics, Security and Law. 4.
https://commons.erau.edu/adfsl/2017/papers/4
Included in
Defense and Security Studies Commons, Forensic Science and Technology Commons, Information Security Commons, OS and Networks Commons, Other Computer Sciences Commons, Science and Technology Studies Commons
Kelihos Botnet: A Never-Ending Saga
Comments
Agenda session: Morning Session 2: Botnet Detection and Prevention