Research Article

Mobil BOTNET İle DDOS Saldırısı

Year 2018, Volume: 11 Issue: 2, 111 - 121, 30.04.2018
https://doi.org/10.17671/gazibtd.306612

Abstract

Smart mobile devices are a technology used by billions of people around the world. Usage rates of these mobile devices have risen with the development of their advanced capabilities and technologies such as the internet, positioning systems (GPS), wireless communication and health applications. The growing use of mobile devices has increased malware developers' interest in this area. These devices, which are used across a wide range of fields, have become a target of malware because mobile operating systems are still maturing in terms of security. Despite this, they are seen to have weaker security policies than computers. It has been found that mobile device users do not give enough importance to security updates and security applications compared with computer users. ANDROID and iOS are the most popular mobile operating systems in the industry. ANDROID continues to be a target of malware developers because it holds a large part of the smart device market share and is open source. One of the most dangerous threats to have emerged recently against ANDROID devices is the BOTNET attack. This article presents, with examples, a definition of mobile BOTNET attacks, an analysis of the currently existing BOTNET families, and their use for DDOS purposes. By analyzing these examples, the common characteristics and behaviors of BOTNET attacks will be revealed. In this way, user awareness will increase, and users will apply the necessary security updates on their devices and use software obtained from unofficial application stores more carefully.


DDOS Attack with Mobile BOTNET

Abstract

Smart mobile devices are used by billions of people around the world. Utilization rates of these devices have increased with the development of advanced capabilities and technologies such as the internet, global positioning system (GPS), wireless communications and various health applications. Increased use of mobile devices has boosted the interest of malware developers in this area as well. These devices, which have a wide spectrum of applications in various fields, have become the target of malicious software because the security aspects of mobile operating systems are still underdeveloped. They have weaker security policies compared to computers. It has also been found that mobile users, compared with computer users, do not pay much attention to security updates and security applications. ANDROID and iOS are the most popular mobile operating systems in the mobile industry. ANDROID continues to be the target of malware developers since it is open-source and holds the larger share of the smart device OS market. One of the most recent and dangerous threats to ANDROID devices is the BOTNET attack. In this article, the definition of mobile BOTNET attacks, an analysis of the existing BOTNET families and their utilization for DDOS attacks are presented with examples. By analyzing these examples, common attributes and behaviors of BOTNET attacks will be revealed. This will increase the awareness of users, ensure that they apply necessary security updates on their devices and use the application software retrieved from unofficial application stores more carefully.

There are 38 citations in total.

Details

Primary Language: Turkish
Subjects: Computer Software
Journal Section: Articles
Authors: Ersin Masum, Refik Samet
Publication Date: April 30, 2018
Submission Date: April 17, 2017
Published in Issue: Year 2018, Volume: 11, Issue: 2

Cite

APA Masum, E., & Samet, R. (2018). Mobil BOTNET İle DDOS Saldırısı. Bilişim Teknolojileri Dergisi, 11(2), 111-121. https://doi.org/10.17671/gazibtd.306612