Begin, F. (2011, August). BYOB: Build your own botnet. Retrieved from http://www.sans.org/reading_room/whitepapers/covert/byob-build-botnet_33729
Botnets represent a clear and present danger to information systems.
They have evolved from simple spam factories to underpinning massive
criminal operations. Botnets are involved in credit card and identity
theft, various forms of espionage, denial of service attacks and other
unsavory by-products of the new digital lifestyle that is prevalent in
modern societies and emerging economies. Security professionals at any
level cannot ignore this new threat. Having a better understanding of
the inner workings of a botnet can lead to more efficient and
judicious application of mitigation techniques. While other papers have a
tendency to dive deeply into complex bot and botnet code, this paper
takes a pedagogical approach rather than a highly technical one.
Following a brief historical overview, it presents a simple working
example of a botnet dubbed FrankenB implemented in Java and PHP. The
implementation includes a command and control infrastructure as well as
botnet tracking and reporting capability. The FrankenB bots are also capable of
eavesdropping on network traffic, scanning subnets and sending spam. All
of these capabilities are demonstrated in this paper. Following this
introduction, FrankenB is then used as a backdrop for discussing
mitigation techniques and for framing the botnet threat in a more global
context.
Howard, D., & Prince, K. (2011). Security 2020: Reduce security risks this decade. Hoboken, NJ: John Wiley and Sons. Retrieved from http://www.wiley.com [Full text e-book available via Books 24x7 database.]
This book gives application developers, networking and security
professionals, those that create standards, and CIOs a straightforward
look at the reality of today’s IT security and a sobering forecast of
what to expect in the next decade. It debunks the media hype and
unnecessary concerns while focusing on the knowledge you need to combat
and prioritize the actual risks of today and beyond.
In the “year of the hack,” survey reveals enterprises are most concerned about “advanced persistent threat” attacks by wide margin. (2011, August 30). Business Wire. Retrieved from http://www.businesswire.com [Full text available via UMUC Library OneSearch.]
Sixty percent of the respondents said they are
concerned about APT attacks, more than double the next closest response,
showing the growing anxiety among IT executives around modern threats.
The second biggest hacking concern among IT executives, at 28 percent,
is having one of their own employees steal company data and post it
online, much like what happened at the Department of Defense (DoD) with
WikiLeaks. In third place, at 26 percent, are
concerns around a vendor partner being hacked, much like what happened
to Epsilon earlier this year. And in fourth place, at 25 percent, are concerns over a cloud application breach, much like what happened with Sony.