Insights from the analysis of the Mariposa botnet

4 Author(s)
Sinha, P. ; Comput. Security Lab., Concordia Univ., Montreal, QC, Canada ; Boukhtouta, A. ; Belarde, V.H. ; Debbabi, M.

Botnets are among the top network threats because they combine innovative hacking capabilities and are constantly improved by hackers to become more resilient against detection and debugging techniques. We analyze one of the most prominent botnets, Mariposa, which infected more than 13 million computers located in more than 190 countries. We analyze the botnet's architecture, components, commands and communication, and detail the obfuscation and anti-debugging techniques it uses. We also detail its infection techniques and its code injection into legitimate processes, and explain the spreading mechanisms employed in Mariposa as well as the underlying communication protocols. More importantly, we analyze the injected bot code through a reverse-engineering exercise that combines network analysis with reverse-engineering analysis. The insights from this work are meant to illustrate the know-how used in current botnet technologies and to enable the elaboration of analysis, detection and prevention techniques.

Published in:

Risks and Security of Internet and Systems (CRiSIS), 2010 Fifth International Conference on

Date of Conference:

10-13 Oct. 2010