What Are Botnets, Backdoors, Logic Bombs and Watering Holes?

What Is a Bot/Botnet?

A botnet is a collection of compromised computers under the control of a master node. In other words, a botnet is a collection of Internet-connected user computers (bots) infected by malicious software (malware) that allows them to be controlled remotely by an operator (the bot herder, or master node) through a command-and-control (C2) server to perform automated tasks, such as stealing confidential information or launching attacks on other computers.

What Is a Backdoor?

A backdoor is any method that allows somebody, such as a hacker, to remotely access your device without your knowledge or permission. Backdoors are used to bypass normal security and authentication functions. A Remote Access Trojan (RAT) is the first choice of hackers for backdoors: it is placed by an attacker to maintain persistent access. Once hackers log into your device without your knowledge, they can use these backdoors for a variety of purposes, such as data theft, surveillance and malware attacks.

What Is a Logic Bomb?

A logic bomb is malicious code that has been inserted into a program and executes only when certain conditions have been met. Logic bombs can go undetected for long periods of time, until they are triggered by the coded condition. The conditions that trigger a logic bomb can be categorized as positive or negative. Logic bombs with positive triggers detonate after a condition is met, such as when you open a particular file. Negative triggers launch a logic bomb when a condition is not met, such as when the bomb isn't deactivated in time.

Active Interception & Privilege Escalation

  • Active Interception: Occurs when a computer is placed between the sender and receiver and is able to capture or modify the traffic between them.
  • Privilege Escalation: Occurs when you are able to exploit a design flaw or bug in a system to gain access to resources that a normal user isn’t able to access.

What Is a Watering Hole?

A watering hole is malware placed on a website that the attacker knows the potential victims will access. Watering hole attacks, also known as strategic website compromise attacks, are limited in scope because they rely on an element of luck. Attackers attempting opportunistic watering hole attacks for financial gain or to build a botnet can achieve this by compromising popular consumer websites.

Symptoms of Infection

Your computer might have been infected if it begins to act strangely:

  • Hard drives, files, or applications are not accessible anymore
  • Strange noises occur
  • Unusual error messages
  • Display looks strange
  • Jumbled printouts
  • Double file extensions are being displayed, such as textfile.txt.exe
  • New files and folders have been created or files and folders are missing/corrupted
  • System Restore will not function
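
The double file extension symptom from the list above can be checked for automatically. The following is an added example, not code from the original article; the function names and the two extension lists are assumptions chosen for illustration, and the sample files are constructed.

```python
import os
import tempfile

# Assumed lists (not from the article): extensions Windows runs directly, and
# harmless-looking extensions typically used as the visible decoy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "vbs", "js", "lnk"}
DECOY_EXTS = {"txt", "pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "zip"}


def is_double_extension(filename):
    """Return True when a decoy extension is followed by an executable one."""
    # Windows ignores trailing dots and spaces in file names, so drop them,
    # and compare case-insensitively.
    name = filename.rstrip(". ").lower()
    # Strip padding spaces around the dots that push the real extension out of view.
    parts = [part.strip() for part in name.split(".")]
    if len(parts) < 3:
        return False  # a single extension such as setup.exe
    return parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS


def find_double_extensions(root):
    """Walk root and return the sorted paths of files with a double extension."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for filename in filenames:
            if is_double_extension(filename):
                hits.append(os.path.join(dirpath, filename))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample files (empty), created in a temporary directory.
    with tempfile.TemporaryDirectory() as sample_dir:
        for name in ("textfile.txt.exe", "notes.txt", "setup.exe", "backup.tar.gz"):
            open(os.path.join(sample_dir, name), "w").close()
        for path in find_double_extensions(sample_dir):
            print("suspicious:", path)
```

With the default Explorer setting that hides known file extensions, textfile.txt.exe is displayed as textfile.txt, so checking names programmatically is more reliable than checking by eye.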

How to Remove Malware from a System

  • Identify symptoms of a malware infection
  • Quarantine the infected systems
  • Disable System Restore (if using a Windows machine)
  • Remediate the infected system
  • Schedule automatic updates and scans
  • Enable System Restore and create a new restore point
  • Provide end user security awareness training
  • If a boot sector virus is suspected, reboot the computer from an external device and scan it
