Sciweavers

DSN
2008
IEEE

Evaluating email's feasibility for botnet command and control

14 years 7 months ago
Evaluating email's feasibility for botnet command and control
The usefulness ofemail has been tempered by its role in the widespread distribution ofspam and malicious content. Security solutions have.focused on filtering out malicious payloads and weblinksfrom email; thepotential dangers of email go past these boundaries: harmless-looking emails can carry dangerous, hidden botnet content. In this paper, we evaluate the suitability ofemail communicationfor botnet command and control. What makes email-based botnets interesting is the lack ofclear detection and mitigation strategies that defenders coulduse to disrupt the botnet. We first demonstrate that botnet commands can remain hidden in spam due to its enormous volume. Ifemailproviders deploy specialized detection ofspam-based botnets, botmasters can alternatively communicate with bots via non-spam email that cannot be safely discarded. We show the viability ofsuch communication by means ofsimulations and a prototype, and we discuss the limited prospects for detection ofemail botnets.
Kapil Singh, Abhinav Srivastava, Jonathon T. Giffi
Added 29 May 2010
Updated 29 May 2010
Type Conference
Year 2008
Where DSN
Authors Kapil Singh, Abhinav Srivastava, Jonathon T. Giffin, Wenke Lee
Comments (0)