Title :
Protecting Web 2.0 Services from Botnet Exploitations
Author :
Vo, Nguyen H. ; Pieprzyk, Josef
Author_Institution :
Dept. of Comput., Macquarie Univ., North Ryde, NSW, Australia
Abstract :
Recently, botnet, a network of compromised computers, has been recognized as the biggest threat to the Internet. The bots in a botnet communicate with the botnet owner via a communication channel called Command and Control (C & C) channel. There are three main C & C channels: Internet Relay Chat (IRC), Peer-to-Peer (P2P) and web-based protocols. By exploiting the flexibility of the Web 2.0 technology, the web-based botnet has reached a new level of sophistication. In August 2009, such botnet was found on Twitter, one of the most popular Web 2.0 services. In this paper, we will describe a new type of botnet that uses Web 2.0 service as a C & C channel and a temporary storage for their stolen information. We will then propose a novel approach to thwart this type of attack. Our method applies a unique identifier of the computer, an encryption algorithm with session keys and a CAPTCHA verification.
Keywords :
Web services; computer network security; cryptographic protocols; formal verification; peer-to-peer computing; social networking (online); C&C channel; CAPTCHA verification; Internet relay chat; Twitter; Web 2.0 service protection; Web-based protocol; botnet exploitation; command and control channel; communication channel; computer network; encryption algorithm; peer-to-peer protocol; temporary storage; Blogs; Computers; Cryptography; Humans; Web server; API; CAPTCHA; MAC address; Trojan 2.0; Web 2.0; botnet; communication channel;
Conference_Titel :
Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second
Conference_Location :
Ballarat, VIC
Print_ISBN :
978-1-4244-8054-8
Electronic_ISBN :
978-0-7695-4186-0
DOI :
10.1109/CTC.2010.10
