• DocumentCode
    3053629
  • Title
    Defaming Botnet Toolkits: A Bottom-Up Approach to Mitigating the Threat
  • Author
    Ormerod, T. ; Lingyu Wang ; Debbabi, M. ; Youssef, A. ; Binsalleeh, H. ; Boukhtouta, A. ; Sinha, P.
  • Author_Institution
    Comput. Security Lab., Concordia Univ. Montreal, Montreal, QC, Canada
  • fYear
    2010
  • fDate
    18-25 July 2010
  • Firstpage
    195
  • Lastpage
    200
  • Abstract
    Botnets have become one of the most prevailing threats to today's Internet, partly due to the underlying economic incentives of operating one. Botnet toolkits sold by their authors allow any layman to generate his/her own customized botnet and become a botmaster; botnet services sold by botmasters allow any criminal to steal identities and credit card information; finally, such stolen credentials are sold to end-users to make unauthorized transactions. Many existing botnet countermeasures meet inherent difficulties when they choose to target the botmasters or authors of toolkits, because those at the highest levels of this food chain are also the most technology-savvy and elusive. In this paper, we propose a different, bottom-up approach. That is, we defame botnet toolkits by discouraging or prosecuting the end-users of the stolen credentials. To make the concept concrete, we present a case study of applying the approach to a popular botnet toolkit, Zeus, with two methodologies, namely, reverse engineering and behavioural analysis.
  • Keywords
    reverse engineering; security of data; Zeus toolkit; behavioural analysis; botmaster; botnet toolkits; reverse engineering; threat mitigation; Data mining; Encryption; Internet; Malware; Monitoring; Reverse engineering; Zeus; identity theft; network security; reverse engineering;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Emerging Security Information Systems and Technologies (SECURWARE), 2010 Fourth International Conference on
  • Conference_Location
    Venice
  • Print_ISBN
    978-1-4244-7517-9
  • Type
    conf
  • DOI
    10.1109/SECURWARE.2010.39
  • Filename
    5633836