Abstract
Online social networking is becoming one of the options for botnet command and control (C&C) communication, and QR codes have been widely used in the area of software automation. In this paper, we orchestrate QR codes, Twitter, the Tor network, and a domain generation algorithm to build a new generation of botnet with high recovery capability and stealthiness. Unlike the traditional centralized botnet, our design achieves dynamic C&C communication channels with no single point of failure. In our design, no cryptographic key is hard-coded on bots. Instead, we exploit the domain generation algorithm to produce dynamic symmetric keys and use QR codes as the medium to transport dynamic asymmetric keys. With this approach, the randomization and confidentiality of the botnet C&C communication payload can be ensured. We implement our design via Twitter and the real-world Tor network. According to the experimental results, our design is capable of C&C communication with low data and minimal CPU usage. The goal of our work is to draw defenders’ attention to the abuse of online social networking and the Tor network; in particular, the search feature in online social networks provides a covert meet-up channel and needs to be investigated as soon as possible. Finally, we discuss several potential countermeasures to defeat our botnet design.
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Dong, Y., Dai, J., Sun, X. (2018). A Mobile Botnet That Meets Up at Twitter. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds) Security and Privacy in Communication Networks. SecureComm 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 255. Springer, Cham. https://doi.org/10.1007/978-3-030-01704-0_1
DOI: https://doi.org/10.1007/978-3-030-01704-0_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-01703-3
Online ISBN: 978-3-030-01704-0
eBook Packages: Computer Science (R0)