Walowdac – Analysis of a Peer-to-Peer Botnet

One of the most interesting botnets of 2009 was Waledac: the botnet implements a peer-to-peer-based communication channel and can be seen as the successor of Storm Worm, since it implemented many similar ideas (e.g., a very similar language for spam templates was used). Researchers from Trend Micro published an analysis of the botnet, and we also examined it. The result is a paper entitled "Walowdac - Analysis of a Peer-to-Peer Botnet": instead of passively observing the network, we implemented an active infiltration component. We emulate the protocol of a bot and are able to observe the inner communication aspects of the network. As a result, we obtain an in-depth overview of the botnet that enables us to study different aspects of the network, e.g., the efficiency of the spam campaigns or the number of active bots. As a small peek at the results, the following picture shows the number of active bots in different countries on a specific day in August 2009. We can, for example, observe diurnal patterns and clearly see the effects of timezones on the size of the botnet.


Abstract:
A botnet is a network of compromised machines under the control of an attacker. Botnets are the driving force behind several misuses on the Internet, for example spam mails or automated identity theft. In this paper, we study the most prevalent peer-to-peer botnet in 2009: Waledac. We present our infiltration of the Waledac botnet, which can be seen as the successor of the Storm Worm botnet. To achieve this we implemented a clone of the Waledac bot named Walowdac. It implements the communication features of Waledac but does not cause any harm, i.e., no spam emails are sent and no other commands are executed. With the help of this tool we observed a minimum daily population of 55,000 Waledac bots and a total of roughly 390,000 infected machines throughout the world. Furthermore, we gathered internal information about the success rates of spam campaigns and newly introduced features like the theft of credentials from victim machines.

The paper was joint work with Ben Stock, Jan Göbel, Markus Engelberth, and Felix C. Freiling. The full paper is available at http://honeyblog.org/junkyard/paper/waledac-ec2nd09.pdf and it was published at EC2ND 2009.

Trackbacks

  1. PingBack

  2. Tramadol.

    Congratulations guys! Thanks a lot for taking down this botnet, greatly appreciated!

Comments

  1. SEO Chicago says:

    Security issues with our computer network keep our IT department very busy. We even had a few people access restricted files. I really hope that we can avoid online issues in the future.

  2. Przeczytaj says:

    I know exactly what you mean, security issues can be very time consuming to fix. Very interesting analysis by the way.

  3. Juicer Reviews says:

    I get a lot of great information here and this is what I am searching for. Thank you for your sharing. I have bookmarked this page for my future reference.

    Thanks again once more.

  4. replica designer sunglasses says:

    Extraordinarily glad initially to discover The following!

  5. chordsworld.com/lana-del-rey-young-and-beautiful-chords says:

    This is quite scary to be honest...

  6. Cipto junaedy Ebook says:

    Extremely educational thanks, It looks like your current readers may want a whole lot more articles along these lines continue the good hard work.

  7. http://kawin-lari.blogspot.com/2013/11/alfaonlinecom-toko-belanja.html says:

    It's a pleasant discussion about this post here at this website. I have read all that, so now I am also commenting here.

  8. bibit bunga says:

    What an amazing post this is. Truly, one of the very best posts I've ever seen on the internet this year and the previous year. The information is just as legit. And the font is eye-catching and very attractive

  9. Game online says:

    Yeah

    You actually make it appear so easy with your presentation but I find this affair to be actually something which I think I would never understand. It seems too recondite and extremely broad for me. I'm looking forward for your next post, I’ll try to get the hang of it! Thanks very much

  10. Inspirational Love Quotes says:

    Information about is marvelous and interesting.

  11. cara cepat hamil says:

    I hope so dude

  12. http://kawin-lari.blogspot.com/2013/11/belanja-online-cari-voucher-diskon.html says:

    This post will assist the internet visitors for building up new web site or even a weblog from

  13. bikin pin murah says:

    THANKS VERY MUCH

  14. smart card says:

    We always are dealing with security issues on our computer network due to the business industry we are in. I guess botnets help keep IT people employed so that they have something to fix. I wish we could find a way to stop botnets altogether though. I'm tired of the risk of identity theft and other security threats.

  15. wenger says:

    Thanks for sharing such informative post. Like reading this post. Thanks http://www.backpackunion.com wenger backpack

  16. used car sales says:

    Here is the good description about botnet which is a network of compromised machines under the control of an attacker. Thank you for this news.

  17. Patio furniture orange county says:

    Great article. You did a great job :)

  18. emergency seed bank says:

    How easy is it to get computer viruses using peer to peer file transfers? I don't want to have spyware on my computer.

  19. High Page Rank Backlinks says:

    Interesting read, although I wish he'd told you more of his coming games. As much as I like Sid's old games, I am not sure he still can deliver something entirely new. Let's wait and see.

  20. hd wallpapers says:

    Really good stuff here. I must say, you're an extremely talented blogger

  21. kratom says:

    Do bot-net viruses attack bank servers? I wonder if my herb and kratom website is going to be attacked in the future?

  22. Jami Seal says:

    Thanks for this. Great post

  23. Tight Line Productions says:

    Solid information, although is there going to be a sequel or an update to this?

  24. coffee beans wholesale says:

    I agree with you. This post is truly inspiring. I like your post and everything you share with us is current and very informative, I want to bookmark the page so I can return here from you that you have done a fantastic job

  25. Dr. Arthur Stember says:

    Great information here. Do you update your blog frequently?

  26. seo melbourne fl says:

    Way to present everything in a professional manner. Truly a great job.

  27. Fountain of You says:

    I found this indexed in Google -- was it intentional?

  28. Creep Tee Shirts says:

    Wonderful post. I am searching awesome news and idea. What I have found from your site, it is actually highly content. You have spent long time for this post. It's a very useful and interesting site. Thanks!

  29. Yellow Dog Cafe says:

    Great content, post, and truly inspirational stuff here.

  30. Dubstep says:

    I love Dubstep Music !

  31. Extreme Air and Electric says:

    Thanks a lot for the positive post. You really put things into perspective. Thank you.

  32. Lipozene Reviews says:

    I am very much overwhelmed by your thoughts for this particular story. A more deeper and staged knowledge would be good for me

  33. steel trusses says:

    There are so many different aspects when it comes to this topic. Thank you so much for sharing your knowledge on this particular aspect.

  34. Ray Ban says:

    If this is the case, and I get a message around the order of bit wrong identification Wan money, but also that there is new material, boredom

  35. http://mbtshoesukmidland.blog.co.uk/ says:

    Recently there is a news report: henan XinMiShi Zhang Haichao workers, in June 2004 to zhengzhou cooperates wear-resistant materials co.

  36. Vista problems says:

    It is true that One of the most interesting botnets of 2009 was Waledac. I was actually in search of this topic because I have to conduct a seminar regarding the same. I have book marked your page for further updates. Keep up the good work. Regards

  37. Mont Blanc Pens UK says:

    Fabulous internet page you possess these. Extraordinarily glad initially to discover The following!

  38. new homes melbourne florida says:

    Cool stuff -- your website and blog are really unique, and that's really evident by all of the comments. Keep up the great work!

  39. saffron extract reviews says:

    I found the call for silence, the best you can save site advertising information. Keep it up!

  40. appointment setting services says:

    As much as I like Sid's old games, I am not sure he still can deliver something entirely new. Let's wait and see.

  41. obat kuat says:

    Great things you’ve always shared with us. Just keep writing this kind of posts. The time which was wasted in traveling for tuition now it can be used for studies.

  42. xbox one hard drive says:

    Thanks for your info on botnets!

  43. alen says:

    Thanks for posting!

  44. Sun Plumbing says:

    Really good stuff here. I must say, you're an extremely talented blogger and writer. Way to keep the topics relevant and stay connected with your readers.

  45. Xbox One says:

    Great info got sure. Thanks for posting.

  46. Brian Les says:

    Very great info you posted here. Not many blogs go that in depth. Thanks

  47. cost of surrogacy says:

    lly good stuff here. I must say, you're an extremely talented blogger and writer. Way to keep the topics relevant and stay connected with your readers.

  48. Peptides says:

    This is highly informatics, crisp and clear.

  49. web designing company says:

    I would also ask every one to listen to this radio. this is one amazing post.

  50. lingerie murah says:

    Thank you for capturing, as you know how to, the feelings and the essence of many people, of the miners, their families, and the meaning of living in a mining area.

  51. game truck rental says:

    infected machines throughout the world. Furthermore, we gathered

  52. Write my essay for cheap says:

    A very well written article with loads of information. Thanks for sharing your expertise.

  53. write my research paper says:

    Extremely thoughtful article! The concept of this article is so nice.

  54. Blonde hair with lowlights says:

    Nice article. Dyeing your hair is one way you can achieve an instant makeover. It can completely change the way you look or it can be used just for subtle highlights to accent your features. Lowlights work best for people with naturally light hair color. Adding lowlights to one's hair gives the 'do more volume and depth. They give the hair an added dimension and character, so easily lost with very light natural hues.

  55. bracelet antistatique esd says:

    we implemented a clone of the Waledac bot named Walowdac. It implements the communication features of Waledac

  56. Nance Cacciatore says:

    Wonderful stuff here, it's truly a great art of writing and something that someone like myself can truly have an appreciation for. Please keep up this wonderful skill.

  57. spilleautomaterslots.org says:

    peer to peer is the next level in internet technologies, it will go very far even in Norway as the spilleautomater norske will prevail.

  58. kolikkopelitnetissa.net says:

    Didn't even realize there were this many infected machines.

  59. JAMSI says:

    Pretty adequate post. I merely stumbled aloft your web log and basic to say that I acquire extremely enjoyed annual your web log posts

  60. findout more says:

    A botnet is a network of compromised machines under the control of an attacker. Botnets are the driving force behind several misuses on the Internet, for example spam mails or automated identity theft.

  61. post surgical bras says:

    As a small peak of the results, the following pictures shows the number of active bots in different countries on a specific day in August 2009. We can for example observe diurnal patterns and clearly see the effects of timezones on the size of the botnet.

  62. paleo diet says:

    I have read the article, and I want to say thanks to you for exceptional information.

  63. www.bestessay says:

    the waledac is interesting to me, there are many online services company which provide writing service for the students, I am helpful with this article as I have to write an essay regarding waledac.

  64. EssayAvenue.co.uk says:

    I would appreciate the Walowdac Analysis.

  65. Vasectomy North carolina says:

    One of the most interesting botnets of 2009 was Waledac: the botnet implements a peer-to-peer-based communication channel and it can be seen as the successor of Storm Worm, since it implemented many similar ideas

  66. jasa seo murah says:

    Thanks a lot

  67. titusville personal injury lawyer says:

    I'm really impressed with what you provided us here with. It's truly wonderful content and I'm excited to have stumbled across it. I can tell that your post was well thought out, and concise to say the least. You definitely know how to connect with your reader.

  68. Professional Logo Design online says:

    Nice to see great write up on your site yet again! Thank you for any other informative web site. We love the site and will come back to see your new posts.

  69. custom writing services says:

    It's simple: First, in one sentence compose what your paper is about at the top. Provided that that one sentence does not depict your entire paper continue updating that one sentence until it does. This is the gold of the paper. Trust me, it’s the most vital sentence. One and only sentence! furthermore not a statement more.

  70. car crash attorney melbourne fl says:

    This was a really good post that had tremendous value and benefits for the reader. I truly enjoyed reading this and hope you spit out new content because you've already won me over. This was a well-written piece and really kept us wanting some more. Keep up the good work. I can tell it was a success based on the amount of comments on here.

  71. management training says:

    Furthermore, we gathered internal information about the success rates of spam campaigns and newly introduced features like the theft of credentials from victim machines.

  72. teh daun tin says:

    thanks information

  73. st cloud golf course says:

    It's a great skill to be able to blog and write in today's day and age. I think you've done a spectacular job, and really like what you've done overall with the website here. Great stuff and wonderful job.

  74. Advanced Surgical says:

    Good stuff posted here -- I really appreciate everything you've been doing and providing great, quality and relevant content is truly a challenge, but you've figured out a way to get it done. Tremendous stuff here, you've really done a solid job. Thanks for sharing this today.

  75. chicken coop tips says:

    I had never even heard of sun tea before I read this and now that I have, I'm glad that has never seemed to be a thing where I live.

  76. plumber palm bay says:

    This was one of the better posts I've seen regarding this issue and topic. It made for a tremendous read, and I was really enthralled to have come across this. Keep up the good work, and I'm sure I'll be back to visit.

  77. partytent huren zwolle says:

    Really your blog is very interesting.... it contains great and unique information. I enjoyed visiting your blog.

