Abstract
As a lot of sophisticated duties are being migrated to mobile phones, they are gradually becoming hot targets of hackers. Actually, during the past few years, It has appeared many malware targeting mobile phones and the situation is getting worse. Under this circumstance, we may ask a serious question: whether can those infected phones be organized to a botnet? In this paper, we present a design of such a botnet using Short Message Service (SMS) as its Command and Control (C&C) medium. We cover all the aspects of the botnet design including the stealthiness protection, the topology selecting and the botnet maintaining. Our simulations show that in our proposed SMS-based botnet a newly issued C&C message can be covertly propagated to over 90% of the total 20000 bots within 20 minutes based on a simple flooding algorithm. Moreover, in this process each bot sends no more than four SMS messages and the botnet is robust to both random and selective node failures. Thereby, we demonstrate that the proposed mobile botnet is indeed a serious threat on the security of the mobile computing environment. For this reason, we further explore several effective defense strategies against such a botnet. In doing so, we hope to be one step ahead of the hackers to discover and prevent this upcoming threat.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Virus News of Kasperksy Lab. Popular Porn Sites Distribute a New Trojan Targeting Android Smartphones (2010), http://www.kaspersky.com/news?id=207576175
Porras, P., Saidi, H., Yegneswaran, V.: An analysis of the Ikee.B (Duh) iPhone botnet (2009), http://mtc.sri.com/iPhone/
Lelli, A.: Security Response: A Smart Worm for a Smartphone- WinCE.PmCryptic.A (2008), http://www.symantec.com/connect/blogs/smart-worm-smartphone-wincepmcryptica
Apvrille, A.: Symbian worm Yxes: Towards mobile botnets? In: 19th Annual EICAR Conference, France (2010)
Mulliner, C., Vigna, G.: Vulnerability Analysis of MMS User Agents. In: ACSAC 2006, Miami Beach, USA (2006)
F-Secure Corporation. Worm:SymbOS/Mabir.A (2005), http://www.f-secure.com/v-descs/mabir.shtml
Ferrie, P., Szor, P., Stanev, R.: Security Response: SymbOS.Cabir. Symantec Corporation (2007)
Vanhorenbeeck, M.: Mobile botnets: an economic and technological assessment (2008), http://www.daemon.be/maarten/mobbot.html
Flo, A.R., Josang, A.: Consequences of Botnets Spreading to Mobile Devices. In: 14th Nordic Conference on Secure IT Systems, Oslo (2009)
Campbell, M.: Mobile botnets show their disruptive potential. The New Scientist 204(2734) (2009)
Traynor, P., Lin, M., Ongtang, M., et al.: On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core. In: CCS 2009, Chicago, USA (2009)
Singh, K., Sangal, S., Jain, N., Traynor, P., Lee, W.: Evaluating Bluetooth as a Medium for Botnet Command and Control. In: Kreibich, C., Jahnke, M. (eds.) DIMVA 2010. LNCS, vol. 6201, pp. 61–80. Springer, Heidelberg (2010)
Zeng, Y., Hu, X., Shin, K.G.: Design of SMS Commanded-and-Controlled and P2P-Structured Mobile Botnets. University of Michigan Technical Report CSE-TR-562-10 (2010)
Papathanasiou, C., Percoco, N.J.: This is not the droid you are looking for. In: DEF CON, vol. 18 (2010)
Singh, K., Srivastava, A., Giffin, J., et al.: Evaluating Email’s Feasibility for Botnet Command and Control. In: DSN 2008 (2008)
Walker, J.: Stego!Text Steganography (2005), http://www.fourmilab.ch/javascrypt/stego.html
Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer, Heidelberg (2002)
Erdos, P., Renyi, A.: On random graphs I. Publicationes Mathematicae.15 (1959)
Barabasi, A.L., Albert, R.: Emergence of scaling in random networks. Science 286 (1999)
Watts, D.J., Strogatz, S.H.: Collective dynamics of ’small-world’ networks. Nature 393(6684) (1998)
Davis, C.R., Neville, S., Fernandez, J.M., Robert, J.-M., McHugh, J.: Structured Peer-to-Peer Overlay Networks: Ideal Botnets Command and Control Infrastructures? In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 461–480. Springer, Heidelberg (2008)
Csardi, G.: The igraph library (2005), http://igraph.sourceforge.net/index.html
Mulliner, C., SeifertRise, J.P.: Rise of the iBots: 0wning a telco network. In: MALWARE 2010, France (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Hua, J., Sakurai, K. (2011). A SMS-Based Mobile Botnet Using Flooding Algorithm. In: Ardagna, C.A., Zhou, J. (eds) Information Security Theory and Practice. Security and Privacy of Mobile Devices in Wireless Communication. WISTP 2011. Lecture Notes in Computer Science, vol 6633. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21040-2_19
Download citation
DOI: https://doi.org/10.1007/978-3-642-21040-2_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21039-6
Online ISBN: 978-3-642-21040-2
eBook Packages: Computer ScienceComputer Science (R0)