Abstract
Botnets account for a substantial portion of cybercrime. Botmasters utilize darkweb marketplaces to promote and provide their services, which can vary from renting or buying a botnet (or parts of it) to hiring services (e.g., distributed denial of service attacks). At the same time, botnet takedown attempts have proven to be challenging, demanding a combination of technical and legal methods, and often requiring the collaboration of a plethora of entities with varying jurisdictions. In this article, we map the elements associated with the business aspect of botnets and utilize them to develop adaptations of two widely used business models. Furthermore, we analyze the 28 most notable botnet takedown operations carried out from 2008 to 2021, in regard to the methods employed, and illustrate the correlation between these methods and the segments of our adapted business models. Our analysis suggests that the botnet takedown methods have been mainly focused on the technical side, but not on the botnet economic components. We aim to shed light on new takedown vectors and incentivize takedown actors to expand their efforts to methods oriented more toward the business side of botnets, which could contribute toward eliminating some of the challenges that surround takedown operations.
Index Terms
- Botnet Business Models, Takedown Attempts, and the Darkweb Market: A Survey