Spot the Bot: Tracking and Analyzing Botnet Operations

Event: March 4, 2025

About the Speaker

Marc Messer

Reverse Engineer & Malware Analyst at Kroll, Inc

Marc Messer is a reverse engineer and malware analyst from Knoxville, Tennessee. He currently works in support of Cyber Threat Intelligence at Kroll, Inc. In his spare time, he enjoys running, mountain biking, and cheering on the Vols.

According to the FBI, in 2014, botnet infections occurred 18 times a minute. This led to an estimated 9 billion dollars in damage in the US and 110 billion dollars in damage globally. The Hacker News claims that in 2024, this estimate grew to over 180 billion dollars of annual damage. Fastly claims significant incidents cost companies an average of 2.9 million dollars.

This session will focus on methodologies for tracking botnet software, victims, operators, and servers. The session is also a small dive into botnet software, allowing for discussion of the botnet client (analysis, potential signatures), the potential for mimicking functionality, and creating neutered samples to join the botnet. The outcomes should be an increased understanding of possible vectors for threat hunting and malware analysis. Along the way, various anecdotes about interactions with botnet operators will be attempted for entertainment.