Dark Web pp 427-439 | Cite as

Botnets and Cyber Criminals

  • Hsinchun ChenEmail author
Part of the Integrated Series in Information Systems book series (ISIS, volume 30)


In the last several years, the nature of computer hacking has completely changed. Cyber crime has risen to unprecedented sophistication with the evolution of botnet technology, and an underground community of cyber criminals has arisen, capable of inflicting serious socioeconomic and infrastructural damage in the information age. This chapter serves as an introduction to the world of modern cyber crime and discusses information systems to investigate it. We investigated the command and control (C&C) signatures of major botnet herders using data collected from the Shadowserver Foundation, a nonprofit research group for botnet research. We also performed exploratory population modeling of the bots and cluster analysis of selected cyber criminals.


Covert Channel Underground Economy Status Message Phish Attack Malicious File 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



The author would like to thank the UA Dark Web team for their support of ongoing terrorism and cybercrime research, and the volunteer effort of The Shadowserver Foundation for helping to make the Internet a safer place.


  1. Abbasi, A. and Chen, H. (2008), “Analysis of Affect Intensities in Extremist Group Forums,” In: Terrorism Informatics, E. Reid and H. Chen, Eds., Springer, pp. 285–307.Google Scholar
  2. Dagon, D., Zou, C. and Lee, W. (2006), “Modeling Botnet Propagation Using Time Zones.” In Proceedings of the 13th Network and Distributed System Security Symposium (NDSS).Google Scholar
  3. Holtz, Thorsten (2005), “A Short Visit to the Bot Zoo,” IEEE Security and Privacy, Vol. 3, No. 3 pp. 76–79.CrossRefGoogle Scholar
  4. Krebs, Brian (2007). “Terrorism’s Hook Into Your Inbox.” Washington Post, July 5, 2007.
  5. McCarthy, Bill (2003). “Botnets: Big and Bigger,” IEEE Security and Privacy, Vol. 1, No. 4, pp. 15–23.CrossRefGoogle Scholar
  6. Nazario, Jose (2007). “Botnet Tracking: Tools, Techniques, and Lessons Learned,” Black Hat DC 2007 Presentations, Nazario/Paper/bh-dc-07-Nazario-WP.pdf.mwcollect Alliance, Nepenthes honeypot.;
  7. Smith, Brad (2008), “A Storm (Worm) Is Brewing,” IEEE Technology News, Vol. 41, No. 2, pp. 20–22.Google Scholar
  8. Spitzner, L. (2003), “The Honeynet Project: Trapping the Hackers,” IEEE Security and Privacy, Vol. 1, No. 2, pp. 15–23.CrossRefGoogle Scholar
  9. Sunbelt Software. CWSandbox,
  10. The Shadowserver Foundation,
  11. Thomas, Rob and Martin, Jerry (2006). “The Cyber Underground Economy: Priceless,”;login: The USENIX Magazine, Vol. 31, No. 6. publications/login/2006–12/­openpdfs/cymru.pdf.
  12. Weimann, Gabriel. (2006), Terror on the Internet: The New Arena, the New Challenges. Washington, D.C.: United States Institute of Peace Press.Google Scholar
  13. Xu, Jennifer, Chen, Hsinchun, Zhou, Yilu and Qin, Jialun (2006). “On the Topology of the Dark Web of Terrorist Groups,” Intelligence and Security Informatics, ISI 2006, LNCS 3975, pp. 367–376.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2012

Authors and Affiliations

  1. 1.Department of Management Information SystemsUniversity of ArizonaTusconUSA

Personalised recommendations