2018 Symposium Posters


Botnet Attacks: A Case Study of Qbot Botnet Monitoring and Victims



Primary Investigator:
Connie Justice

Project Members
Rushabh Vyas, Nichole McFarland
Abstract
In this case study, a Linux DDoS botnet malware, qbot, is researched, and botnets are observed to identify the victims of DDoS attacks. Data gathered from honeypots, Shodan, and Censys was used to find C2 servers. To monitor the C2 servers, a script was used to emulate a bot and connect to them. After a month of monitoring qbot C2 servers, it was discovered that DDoS attacks were conducted against video streaming sites, video-game-related sites and gaming servers, and rival DDoS services. Attackers were also observed communicating on C2 servers. C2 servers were seen mainly running on popular VPS provider networks.