A Mobile Botnet That Meets Up at Twitter

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2018)

Abstract

Online social networking is becoming one of the options for botnet command and control (C&C) communication, and QR codes are widely used in the area of software automation. In this paper, we orchestrate QR codes, Twitter, the Tor network, and a domain generation algorithm to build a new generation of botnet with high recovery capability and stealthiness. Unlike a traditional centralized botnet, our design achieves dynamic C&C communication channels with no single point of failure. In our design, no cryptographic key is hard-coded on bots. Instead, we exploit the domain generation algorithm to produce dynamic symmetric keys and use QR codes as the medium to transport dynamic asymmetric keys. With this approach, the randomization and confidentiality of the botnet C&C communication payload can be ensured. We implement our design via Twitter and the real-world Tor network. According to the experimental results, our design is capable of C&C communication with low data and minimal CPU usage. The goal of our work is to draw defenders’ attention to the cyber abuse of online social networking and the Tor network; in particular, the search feature in online social networks provides a covert meet-up channel and needs to be investigated as soon as possible. Finally, we discuss several potential countermeasures to defeat our botnet design.

Corresponding author

Correspondence to Jun Dai.

Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Dong, Y., Dai, J., Sun, X. (2018). A Mobile Botnet That Meets Up at Twitter. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds) Security and Privacy in Communication Networks. SecureComm 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 255. Springer, Cham. https://doi.org/10.1007/978-3-030-01704-0_1

  • DOI: https://doi.org/10.1007/978-3-030-01704-0_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-01703-3

  • Online ISBN: 978-3-030-01704-0

  • eBook Packages: Computer Science (R0)
