Abstract

Botnets are organized networks of infected computers that are used for malicious purposes. An example is Kelihos.B, a botnet of the Kelihos family used primarily for mining bitcoins, sending spam and stealing bitcoin wallets. A large part of the Kelihos.B botnet was sinkholed in early 2012 and since then bots have been sending requests to controlled servers. In this paper, we analyze and characterize the behavior of Kelihos.B. Our analysis is based on the log file of the bot requests logged at the sinkhole from March 2012 to early November 2013. We investigate both the overall characteristics of the botnet and its evolution over time since the sinkholing. Our results indicate that, although the trend is decreasing, there are possibly still newly infected bots even more than a year after the original sinkholing.
Original language: Undefined
Title of host publication: Proceedings of the 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2014
Editors: Anna Sperotto, Guillaume Doyen, Steven Latré, Marinos Charalambides, Burkhard Stiller
Place of Publication: Berlin Heidelberg
Publisher: Springer
Pages: 79-91
Number of pages: 13
ISBN (Print): 978-3-662-43861-9
DOIs: 10.1007/978-3-662-43862-6_11
State: Published - 30 Jun 2014

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer
Volume: 8508
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Keywords

  • EWI-25302
  • METIS-309660
  • IR-93591

Cite this

Kerkers, M., Cardoso de Santanna, J. J., & Sperotto, A. (2014). Characterisation of the Kelihos.B Botnet. In A. Sperotto, G. Doyen, S. Latré, M. Charalambides, & B. Stiller (Eds.), Proceedings of the 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2014 (pp. 79-91). (Lecture Notes in Computer Science; Vol. 8508). Berlin Heidelberg: Springer. DOI: 10.1007/978-3-662-43862-6_11

Kerkers, Max; Cardoso de Santanna, José Jair; Sperotto, Anna / Characterisation of the Kelihos.B Botnet.

Proceedings of the 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2014. ed. / Anna Sperotto; Guillaume Doyen; Steven Latré; Marinos Charalambides; Burkhard Stiller. Berlin Heidelberg : Springer, 2014. p. 79-91 (Lecture Notes in Computer Science; Vol. 8508).

Research output: Scientific - peer-review › Conference contribution

@inbook{b3240fdccf0e46cfb032cd6fc484364c,
title = "Characterisation of the Kelihos.B Botnet",
abstract = "Botnets are organized networks of infected computers that are used for malicious purposes. An example is Kelihos.B, a botnet of the Kelihos family used primarily for mining bitcoins, sending spam and stealing bitcoin wallets. A large part of the Kelihos.B botnet was sinkholed in early 2012 and since then bots have been sending requests to controlled servers. In this paper, we analyze and characterize the behavior of Kelihos.B. Our analysis is based on the log file of the bot requests logged at the sinkhole from March 2012 to early November 2013. We investigate both the overall characteristics of the botnet and its evolution over time since the sinkholing. Our results indicate that, although the trend is decreasing, there are possibly still newly infected bots even more than a year after the original sinkholing.",
keywords = "EWI-25302, METIS-309660, IR-93591",
author = "Max Kerkers and {Cardoso de Santanna}, {José Jair} and Anna Sperotto",
note = "10.1007/978-3-662-43862-6_11",
year = "2014",
month = "6",
doi = "10.1007/978-3-662-43862-6_11",
isbn = "978-3-662-43861-9",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "79--91",
editor = "Anna Sperotto and Guillaume Doyen and Steven Latré and Marinos Charalambides and Burkhard Stiller",
booktitle = "Proceedings of the 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2014",
}

Kerkers, M, Cardoso de Santanna, JJ & Sperotto, A 2014, Characterisation of the Kelihos.B Botnet. in A Sperotto, G Doyen, S Latré, M Charalambides & B Stiller (eds), Proceedings of the 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2014. Lecture Notes in Computer Science, vol. 8508, Springer, Berlin Heidelberg, pp. 79-91. DOI: 10.1007/978-3-662-43862-6_11

Characterisation of the Kelihos.B Botnet. / Kerkers, Max; Cardoso de Santanna, José Jair; Sperotto, Anna .

Proceedings of the 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2014. ed. / Anna Sperotto; Guillaume Doyen; Steven Latré; Marinos Charalambides; Burkhard Stiller. Berlin Heidelberg : Springer, 2014. p. 79-91 (Lecture Notes in Computer Science; Vol. 8508).

Research output: Scientific - peer-review › Conference contribution

TY - CHAP

T1 - Characterisation of the Kelihos.B Botnet

AU - Kerkers,Max

AU - Cardoso de Santanna,José Jair

AU - Sperotto,Anna

N1 - 10.1007/978-3-662-43862-6_11

PY - 2014/6/30

Y1 - 2014/6/30

N2 - Botnets are organized networks of infected computers that are used for malicious purposes. An example is Kelihos.B, a botnet of the Kelihos family used primarily for mining bitcoins, sending spam and stealing bitcoin wallets. A large part of the Kelihos.B botnet was sinkholed in early 2012 and since then bots have been sending requests to controlled servers. In this paper, we analyze and characterize the behavior of Kelihos.B. Our analysis is based on the log file of the bot requests logged at the sinkhole from March 2012 to early November 2013. We investigate both the overall characteristics of the botnet and its evolution over time since the sinkholing. Our results indicate that, although the trend is decreasing, there are possibly still newly infected bots even more than a year after the original sinkholing.

AB - Botnets are organized networks of infected computers that are used for malicious purposes. An example is Kelihos.B, a botnet of the Kelihos family used primarily for mining bitcoins, sending spam and stealing bitcoin wallets. A large part of the Kelihos.B botnet was sinkholed in early 2012 and since then bots have been sending requests to controlled servers. In this paper, we analyze and characterize the behavior of Kelihos.B. Our analysis is based on the log file of the bot requests logged at the sinkhole from March 2012 to early November 2013. We investigate both the overall characteristics of the botnet and its evolution over time since the sinkholing. Our results indicate that, although the trend is decreasing, there are possibly still newly infected bots even more than a year after the original sinkholing.

KW - EWI-25302

KW - METIS-309660

KW - IR-93591

U2 - 10.1007/978-3-662-43862-6_11

DO - 10.1007/978-3-662-43862-6_11

M3 - Conference contribution

SN - 978-3-662-43861-9

T3 - Lecture Notes in Computer Science

SP - 79

EP - 91

BT - Proceedings of the 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2014

PB - Springer

ER -

Kerkers M, Cardoso de Santanna JJ, Sperotto A. Characterisation of the Kelihos.B Botnet. In Sperotto A, Doyen G, Latré S, Charalambides M, Stiller B, editors, Proceedings of the 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2014. Berlin Heidelberg: Springer. 2014. p. 79-91. (Lecture Notes in Computer Science). DOI: 10.1007/978-3-662-43862-6_11