The Detection of 8 Type Malware botnet using Hybrid Malware Analysis in Executable File Windows Operating Systems

The Detection of 8 Type Malware botnet using Hybrid Malware Analysis in Executable File Windows Operating Systems

Author		: GANDEVA BAYU; NIKEN DWI WAHYU CAHYANI; RITCHIE FERGINDO ANDRETA; 
Published on	: The 17th International Conference on Electronic Commerce 2015 (ICEC 2015)

Abstract

Nowadays a lot of botnet are being used for the purpose of cybercrime such as distributed denial of services (DDos) or information stealing. Botnet is a collection of computers connected through Internet that has been taken over by an attacker using malwares. These infected computer are known as bot or zombie. These bot are controllable for the attacker through an infrastructure called Command and Control (C\&C) server. In general, the spread of botnets Windows operating system as its main target in the form of executable file (.exe). Right now Windows have a massive number of application in the form of executable file and almost all of it doing connection to the Internet. So it make it very difficult to distinguish an executable file as a malware botnet or not. Therefore, to identify and detecting a malware botnet required malware analysis on Windows executable file. Many ways can be done in analyzing a malware. However, generally speaking there are two techniques in malware analysis. That is static analysis and dynamic analysis. By combining both the results of static analysis, dynamic analysis can produce data for detecting malware botnet in the executable files of Windows operating system that are Herpestnet, Ann Loader, mbot, Vertexnet, Athena, Elite Loader, Gbot, dan Cythosia.