Abstract
A recent trend in the underground economy is malware dissemination as a service: complex botnet infrastructures are built to spread and install malware on behalf of third-party customers. This work proposes a botnet forensic investigation model for investigating and analyzing large-scale botnets. The model is applied to a real-world law-enforcement case involving a large-scale malware dissemination botnet called BredoLab. The results show the effectiveness of the proposed model in assisting law enforcement to conduct a successful forensic analysis of the BredoLab botnet and its related resources.
Copyright information
© 2013 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
Cite this paper
de Graaf, D., Shosha, A.F., Gladyshev, P. (2013). BREDOLAB: Shopping in the Cybercrime Underworld. In: Rogers, M., Seigfried-Spellar, K.C. (eds) Digital Forensics and Cyber Crime. ICDF2C 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 114. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39891-9_19
DOI: https://doi.org/10.1007/978-3-642-39891-9_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39890-2
Online ISBN: 978-3-642-39891-9
eBook Packages: Computer Science (R0)