ABSTRACT

The main motivations behind cybercrimes involving botnets are, unsurprisingly, money and politics. Botnets can provide a range of services, from running disruptive distributed denial-of-service (DDoS) campaigns and crypto-mining campaigns to intelligence gathering and anonymizing or disrupting communications. DoS attacks can be either volumetric or application-level attacks. Volumetric attacks, as the name implies, overload a target with high volumes of traffic. DDoS was the primary malicious payload in bots for a long time. In 2017, the use of cryptographic currency in ransomware became the new normal. When security researchers hunt botnets, they can fairly easily get access to the binaries by tricking the botnet's scanner and loader with their honeypots. However, for new and emerging botnets they are left with only a binary and typically no source code. Making persistent bots that work across a wide range of devices and manufacturers would require much research, because devices use different methods to start a process during boot.