Friendly Bot

Abstract

Bot net is collection of bot agents. These bot agents are infected to the systems around the world. A bot infects from single standalone system to entire network. These infected systems act under direct command received from the bot herder through the bot command and control center. The bot herder uses bot net to send spam, perform DoS attacks, information stealing, etc. A bot net is designed to gain access each infected system through IRC or HTTP protocol. The bot agent has the capability of spread using removable devices, Internet, local network, email. This project is an attempt to adopt the characteristics of a bot net, a bot agent and use these capabilities to protect vulnerable systems. In this attempt, main characteristic such as IRC protocol to communicate with the command and control center, spreading the bot agent, download components from the command and control center, are adopted. The purpose of the designed bot is to provide protection to the infected system through automated processes and processes with human interaction. The bot is designed to open a backdoor to the bot herder and operate under the given instructions. The bot has characteristics of a worm to spread itself and it tries to exploit the system vulnerabilities that are common to the running operating system. The bot has the characteristics of Trojan, which gather data based on instruction from the bot herder. The data gathered by the bot is used for troubleshooting, detect security risks. The bot is designed as a collection of different components. These components provide the functionalities such as communication, gather data, troubleshooting, downloading other components, uploading data and spread. The decomposition of the bot in to different component gives the advantage of small sized components, which make the spreading process more efficient. The bot provides antivirus package to required system and based on the bot herder instructions, it creates and intranet to provide required security patches to the running operating systems. The evaluation and testing of bot gave positive results for proving security patch for the running operating system.