Detecting A Botnet By Reverse Engineering
Abstract: Botnet malware is a
malicious program. Botnet that infects computers, called bots, will be
controlled by a botmaster to do various things such as: spamming, phishing,
keylogging Distributed Denial of Service (DDoS) and other activities that are
generally profitable to the owner of the bot (botmaster) or those who use
botnet services. The problem is that many computers have been controlled by
botnets without the knowledge of the computer owner. There are many ways to examine botnets, for
example by studying the traffic from the botnet network, studying how botnets
communicate to each, studying how each robot receives orders to do something,
and so forth. Of the many methods, the most frequently and commonly used is the
reverse engineering, where researchers study how a botnet works by botnet
debugging.
In this study the author tries to understand or research botnets by
taking a type of botnet, namely Agobot, using reverse engineering. One of the result of the research is that
malware program files in general and in particular botnet has a technique to
obscure the way that research using reverse engineering.
Another result also shows that the botnet Agobot runs on computers by
using the Windows service, and by changing the Windows registry so that every
time the computer starts, Agobot always actively works in the computer memory.
Keywords: Malware, Bot,
Botnet, Botmaster, Agobot, Spam, Distributed Denial of Services, Identity
Theft, Computer Security, Reverse Engineering, Debug, Windows Service, the
Registry
Penulis: Oesman Hendra Kelana,
Khabib Mustofa
Kode Jurnal: jptinformatikadd110154
