Title :
Evaluating email’s feasibility for botnet command and control
Author :
Singh, Kapil ; Srivastava, Abhinav ; Giffin, Jonathon ; Lee, Wenke
Author_Institution :
Sch. of Comput. Sci., Georgia Inst. of Technol., Atlanta, GA
Abstract :
The usefulness of email has been tempered by its role in the widespread distribution of spam and malicious content. Security solutions have focused on filtering out malicious payloads and weblinks from email; the potential dangers of email go past these boundaries: harmless-looking emails can carry dangerous, hidden botnet content. In this paper, we evaluate the suitability of email communication for botnet command and control. What makes email-based botnets interesting is the lack of clear detection and mitigation strategies that defenders could use to disrupt the botnet. We first demonstrate that botnet commands can remain hidden in spam due to its enormous volume. If email providers deploy specialized detection of spam-based botnets, botmasters can alternatively communicate with bots via non-spam email that cannot be safely discarded. We show the viability of such communication by means of simulations and a prototype, and we discuss the limited prospects for detection of email botnets.
Keywords :
security of data; unsolicited e-mail; botmasters; botnet command and control; email communication; email feasibility; email-based botnets; hidden botnet content; malicious content; malicious payloads; spam; weblinks; Command and control systems; Communication system control; Computer science; Electronic mail; Information filtering; Information filters; Internet; Payloads; Prototypes; Unsolicited electronic mail;
Conference_Title :
Dependable Systems and Networks With FTCS and DCC, 2008. DSN 2008. IEEE International Conference on
Conference_Location :
Anchorage, AK
Print_ISBN :
978-1-4244-2397-2
Electronic_ISBN :
978-1-4244-2398-9
DOI :
10.1109/DSN.2008.4630106