Characterisation of the Kelihos.B Botnet

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

    7 Citations (Scopus)
    69 Downloads (Pure)

    Abstract

    Botnets are organized networks of infected computers that are used for malicious purposes. An example is Kelihos.B, a botnet of the Kelihos family used primarily for mining bitcoins, sending spam and stealing bitcoin wallets. A large part of the Kelihos.B botnet was sinkholed in early 2012, and since then the bots have been sending their requests to controlled servers. In this paper, we analyze and characterize the behavior of Kelihos.B. Our analysis is based on the log file of the bot requests logged at the sinkhole from March 2012 to early November 2013. We investigate both the overall characteristics of the botnet and its evolution over time since the sinkholing. Our results indicate that, although the trend is decreasing, there are possibly still newly infected bots more than a year after the original sinkholing.
    Original language: Undefined
    Title of host publication: Proceedings of the 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2014
    Editors: Anna Sperotto, Guillaume Doyen, Steven Latré, Marinos Charalambides, Burkhard Stiller
    Place of Publication: Berlin Heidelberg
    Publisher: Springer
    Pages: 79-91
    Number of pages: 13
    ISBN (Print): 978-3-662-43861-9
    DOIs: 10.1007/978-3-662-43862-6_11
    Publication status: Published - 30 Jun 2014

    Publication series

    Name: Lecture Notes in Computer Science
    Publisher: Springer
    Volume: 8508
    ISSN (Print): 0302-9743
    ISSN (Electronic): 1611-3349

    Keywords

    • EWI-25302
    • METIS-309660
    • IR-93591

    Cite this

    Kerkers, M., Cardoso de Santanna, J. J., & Sperotto, A. (2014). Characterisation of the Kelihos.B Botnet. In A. Sperotto, G. Doyen, S. Latré, M. Charalambides, & B. Stiller (Eds.), Proceedings of the 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2014 (pp. 79-91). (Lecture Notes in Computer Science; Vol. 8508). Berlin Heidelberg: Springer. https://doi.org/10.1007/978-3-662-43862-6_11
    Kerkers, Max; Cardoso de Santanna, José Jair; Sperotto, Anna. / Characterisation of the Kelihos.B Botnet. Proceedings of the 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2014. editor / Anna Sperotto; Guillaume Doyen; Steven Latré; Marinos Charalambides; Burkhard Stiller. Berlin Heidelberg: Springer, 2014. pp. 79-91 (Lecture Notes in Computer Science).
    @inproceedings{b3240fdccf0e46cfb032cd6fc484364c,
    title = "Characterisation of the Kelihos.B Botnet",
    abstract = "Botnets are organized networks of infected computers that are used for malicious purposes. An example is Kelihos.B, a botnet of the Kelihos family used primarily for mining bitcoins, sending spam and stealing bitcoin wallets. A large part of the Kelihos.B botnet was sinkholed in early 2012, and since then the bots have been sending their requests to controlled servers. In this paper, we analyze and characterize the behavior of Kelihos.B. Our analysis is based on the log file of the bot requests logged at the sinkhole from March 2012 to early November 2013. We investigate both the overall characteristics of the botnet and its evolution over time since the sinkholing. Our results indicate that, although the trend is decreasing, there are possibly still newly infected bots more than a year after the original sinkholing.",
    keywords = "EWI-25302, METIS-309660, IR-93591",
    author = "Max Kerkers and {Cardoso de Santanna}, {Jos{\'e} Jair} and Anna Sperotto",
    note = "10.1007/978-3-662-43862-6_11",
    year = "2014",
    month = "6",
    day = "30",
    doi = "10.1007/978-3-662-43862-6_11",
    language = "Undefined",
    isbn = "978-3-662-43861-9",
    series = "Lecture Notes in Computer Science",
    publisher = "Springer",
    pages = "79--91",
    editor = "Anna Sperotto and Guillaume Doyen and Steven Latr{\'e} and Marinos Charalambides and Burkhard Stiller",
    booktitle = "Proceedings of the 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2014",
    }

    Kerkers, M, Cardoso de Santanna, JJ & Sperotto, A 2014, Characterisation of the Kelihos.B Botnet. in A Sperotto, G Doyen, S Latré, M Charalambides & B Stiller (eds), Proceedings of the 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2014. Lecture Notes in Computer Science, vol. 8508, Springer, Berlin Heidelberg, pp. 79-91. https://doi.org/10.1007/978-3-662-43862-6_11

    Characterisation of the Kelihos.B Botnet. / Kerkers, Max; Cardoso de Santanna, José Jair; Sperotto, Anna.

    Proceedings of the 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2014. ed. / Anna Sperotto; Guillaume Doyen; Steven Latré; Marinos Charalambides; Burkhard Stiller. Berlin Heidelberg : Springer, 2014. p. 79-91 (Lecture Notes in Computer Science; Vol. 8508).


    TY - GEN

    T1 - Characterisation of the Kelihos.B Botnet

    AU - Kerkers, Max

    AU - Cardoso de Santanna, José Jair

    AU - Sperotto, Anna

    N1 - 10.1007/978-3-662-43862-6_11

    PY - 2014/6/30

    Y1 - 2014/6/30

    N2 - Botnets are organized networks of infected computers that are used for malicious purposes. An example is Kelihos.B, a botnet of the Kelihos family used primarily for mining bitcoins, sending spam and stealing bitcoin wallets. A large part of the Kelihos.B botnet was sinkholed in early 2012, and since then the bots have been sending their requests to controlled servers. In this paper, we analyze and characterize the behavior of Kelihos.B. Our analysis is based on the log file of the bot requests logged at the sinkhole from March 2012 to early November 2013. We investigate both the overall characteristics of the botnet and its evolution over time since the sinkholing. Our results indicate that, although the trend is decreasing, there are possibly still newly infected bots more than a year after the original sinkholing.

    AB - Botnets are organized networks of infected computers that are used for malicious purposes. An example is Kelihos.B, a botnet of the Kelihos family used primarily for mining bitcoins, sending spam and stealing bitcoin wallets. A large part of the Kelihos.B botnet was sinkholed in early 2012, and since then the bots have been sending their requests to controlled servers. In this paper, we analyze and characterize the behavior of Kelihos.B. Our analysis is based on the log file of the bot requests logged at the sinkhole from March 2012 to early November 2013. We investigate both the overall characteristics of the botnet and its evolution over time since the sinkholing. Our results indicate that, although the trend is decreasing, there are possibly still newly infected bots more than a year after the original sinkholing.

    KW - EWI-25302

    KW - METIS-309660

    KW - IR-93591

    U2 - 10.1007/978-3-662-43862-6_11

    DO - 10.1007/978-3-662-43862-6_11

    M3 - Conference contribution

    SN - 978-3-662-43861-9

    T3 - Lecture Notes in Computer Science

    SP - 79

    EP - 91

    BT - Proceedings of the 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2014

    A2 - Sperotto, Anna

    A2 - Doyen, Guillaume

    A2 - Latré, Steven

    A2 - Charalambides, Marinos

    A2 - Stiller, Burkhard

    PB - Springer

    CY - Berlin Heidelberg

    ER -

    Kerkers M, Cardoso de Santanna JJ, Sperotto A. Characterisation of the Kelihos.B Botnet. In Sperotto A, Doyen G, Latré S, Charalambides M, Stiller B, editors, Proceedings of the 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2014. Berlin Heidelberg: Springer. 2014. p. 79-91. (Lecture Notes in Computer Science). https://doi.org/10.1007/978-3-662-43862-6_11