ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Sample Annotated Bibliography Developed for the Botnet Menace ASrticle

Updated on February 19, 2018

Published: January 19, 2012

An author should maintain a record of the sources the author consults while developing a research paper. This author may then include this record in the paper as a reference sheet or bibliography. The difference between the two is that the author should only include sources cited in the paper in a reference sheet; every source listed in the reference sheet should be cited in the paper. A bibliography, on the other hand, list every source the author consulted while researching the topic whether the author cited the source or not.

An annotated bibliography lists each source along with a description of the content of the source and the author's intention for using the source; what does the source provide? Professors often require learners in higher education to submit an annotated bibliography to document the research process for a major project, such as a program thesis.

This author developed a series of hubs to document the menace of rootkits and botnets. The following annotated bibliography documents the research process used to develop that hub, which was adapted from an actual thesis submitted to fulfill the requirements of a degree program in Information Security. The reader may consult this sample annotated bibliography to determine the proper format.

—————————————————————————————————————

Annotated Bibliography

Baskin, B., Bradley, T., Faircloth, J., Schiller, C., A., Caruso, K., Piccard, P., James, L. (2006). Combating Spyware in the Enterprise: Discover, Detect, and Eradicate the Internet’s Greatest Threat [Electronic version]. Rockland, MA: Syngress Publishing. Available from the Capella University ebrary at http://site.ebrary.com

Chapter 1 of this book provides a glimpse into the benign development and uses for botnets and also lists some specific botnet and Trojans. The information will be used in the introductory sections and possibly the specific threats section.

Bacher, P., Holz, T., Kotter, M., and Wicherski, G. (2005). Know your enemy: Tracking botnets. Using honeynets to learn more about bots. The Honeynet Project & Research Alliance. Avail;able from http://www.honeynet.org/papers/bots/.

One method of discovering new rootkits and botnets is to use honeypots to act as decoys then analyze the activity on the honeypots. This article explores another use of honeypots, which is tracking the locations of various botnets.

Berinato, S. (2007). One-Stop Shopping for Hackers. PCWorld. Available from http://www.pcworld.com

An article that explores the existence of a website located in Russia named loads.cc that operates a botnet possibly comprising over 500,000 machines. The operators of the site sell access to the botnet to anyone for a very low price. This article will be used to demonstrate some of the illegal money-making uses of botnets.

Best Security Tips (2007). Windows security: Symantec’s top 10 security trends of 2007. Available from http://www.bestsecuritytips.com/news+article.storyid+401.htm

This page provides insight into the exploits that have plagued users the most in 2007. Among the listed trends are: bots. This site also demonstrates some of the social engineering attacks that users may fall prey to.

Broersma, M., (2008). Researchers 'Poison' Storm Botnet. Techworld.com. Available from http://www.pcworld.com/article/id,145171-page,1/article.html#.

Researchers have discovered methods to crawl the storm botnet and disrupt the command and control structure by using a poisoning technique. This information provides insight into some methods to curtail the effectiveness of botnets.

Cogswell, B., and Russinovich, M. (2006). RootkitRevealer v1.71. Microsoft TechNet. Available from http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

This article provides information on the types of rootkits as part of the description of RootkitRevealer, which is a rootkit detection package written to run on Microsoft Windows NT 4 and later platforms.

Dawada, K., (2006). The rootkit and botnet menace. Network Magazine. Available from http://www.networkmagazineindia.com/200601/techscope200607.shtml

"Botnets and rootkits have been around for a while but their combination into a unified, malicious attack tool has caused shockwaves worldwide” (Dawada, 2006). This article discusses the cloaking capabilities that the new bread of botnets has obtained by encorporating rootkit technology.

Delio, M. (2004). Browser hijackers ruining lives. Wired. Available from http://www.wired.com

A worst case scenario is portrayed in this article, which demonstrates the possible consequences of a user’s machine becoming infected with malware. This may be used in the legislation and consequences section.

Dignan, L., and McFeters, N. (2007). Storm worm botnet partitions for sale. ZDNet. Available from http://blogs.zdnet.com/security/?p=592

The success of the Storm worm has intrigued and frustrated security researchers as this article indicates by reporting that the botnet is being broken up into small chunks and sold to the highest bidder

Federal Trade Commission (2004). The CAN-SPAM Act: Requirements for commercial emailers. Available from http://www.ftc.gov/

This web site provides the details of the CAN-SPAM Act and will be used in the legislation and consequences section of the paper.

GMER (2007). All your rootkits are belong to us. Available from http://www.gmer.net/index.php.

GMER is a rootkit detection and removal tool that is available from the above link. Using a variety of detection tools aids the security practitioner in discovering rootkits.

Gu, G., Zhang, J., and Lee, W. (n.d.). BotSniffer: Detecting botnet command and control channels in network traffic. Georgia Institute of Technology. Available from http://www-static.cc.gatech.edu

Command and control detection strategies are presented in the paper. The contained information could be useful in the functional and detection sections.

Harley, D., and Lee, A. (2007). The root of all evil? – Rootkits revealed. ESET LLC. Available from http://www.eset.com

This paper aims to assess the realities of the rootkit threat, and to examine the state of the solutions available. Useful insight into the magnitude of the rootkit threat is illustrated in this paper.

Hidalgo, A. (2007). Trojan.Peacomm: Building a peer-to-peer botnet. Symantec. Available from https://forums.symantec.com

The specific threat of a Trojan named Peacomm is described in this article. Included is a description of how the Trojan builds a network and the downloaded files. This provides a specific example for the specific threats section.

Huntington, G. (2006). Battling the botnets and rootkits: A layered strategy. Huntington Ventures Limited. Available from http://www.authenticationworld.com/Authentication-Enterprise-Security/BattlingBotnetsAndTootkits-ALayeredIdentityStrategy2006.pdf

A ten-layer approach to protecting organizations from the threat of botnets and rootkits is presented in this white paper. This information will aid in the defenses portion of the paper.

Leyden, J. (2006). Homeland security urges DRM rootkit ban. The Register. Available from http://www.theregister.co.uk/2006/02/17/rootkit/

This article demonstrates an issue in the recording industry that led to the introduction of a rootkit software on a music publisher’s CDs. Sony introduced a rootkit as a part of their Digital Rights Management (DRM) technology and possibly placed user’s computers at risk. The article also mentions possible legislation that may result from the action on Sony’s part.

McDowell, M. (2004). Avoiding Social Engineering and Phishing Attacks. Cyber Security Tip ST04-014. US-CERT. Available from http://www.us-cert.gov/cas/tips/ST04-014.html

Rootkits do not gain entry to systems but permit reentry to systems that have already been compromised. This article explains the tactics of social engineering and phishing, which are the methods by which most rootkits gain their presence.

McDowell, M. (2006). Understanding hidden threats: Rootkits and botnets. Cyber Security Tip ST06-001. United States Computer Emergency Readiness Team. Available from http://www.us-cert.gov/cas/tips/ST06-001.html

This security alert from US-CERT describes the existence of rootkits and botnets. This article provides a description of what a botnet is and provides some suggestions on how to protect a system

McMillan, R. (2008). RSA Conference: Web page can take over your router. PCWorld.

This article demonstrates that the rootkit threat is not limited to host computers but nay also infect routers and infrastructure devices. This information will provide insight into the true scope of the threat.

Minasi, M. (2005). Follow-Up: Why Microsoft can't stop root kits. Windows IT Pro. Available from http://windowsitpro.com/article/articleid/45518/follow-up-why-microsoft-cant-stop-root-kits.html

The author provides a basic analysis of how rootkits hide themselves and why rootkit removal is such a problem with Microsoft products. This information will be used in the defenses section of the paper.

Schiller, C. (2007). Botnets. Network and and Systems Professionals Association. Available from http://www.naspa.com

An in-depth look of botnets including organization, command and control structures and infection removal techniques are provided in this article. The internal workings of rootkits and their structure is a major topic of my project.

Spammer-X. (2004). Inside the SPAM Cartel: Trade Secrets from the Dark Side [Electronic version]. Rockland, MA: Syngress Publishing. Available from http://site.ebrary.com.library.capella.edu/lib/capella/Top?channelName=capella&cpage=1&f00=text&frm=smp.x&hitsPerPage=20&id=10069072&layout=document&p00=botnets&sch=%A0%A0%A0%A0%A0Search%A0%A0%A0%A0%A0&sortBy=score&sortOrder=desc.

Chapter three of this book provides some insight into the history of botnets and their appeal to spammers. This may prove useful in the background section of the paper.

United States Department of Justice. (1997). The national information infrastructure protection act of 1996 legislative analysis. Available from www.usdoj.gov

This article prepared by the United States Department of Justice provides an analysis of a law designed to protect the nation’s information infrastructure. This information will be used in the legislation section.

Vijayan, J. (2007). Information Security News: Hackers now offer subscription services, support for their malware [Electronic version]. Computerworld. Available from http://seclists.org/isn/2007/Apr/0017.html

This report provides information to the existence of businesses that sell malware online turning malware publication into big business complete with subscription services and support facilities.

Was this useful?

Your comments are always welcome.

Comments

    0 of 8192 characters used
    Post Comment

    • DougBerry profile image

      DougBerry 

      6 years ago from Abilene, TX

      Yeah, since the last annotated bibliography I had to do was back in the days of scrolls and stone tablets, seeing online sources noted is, indeed, noted. It also makes you appreciate short-form URLs.

    • J Burgraff profile image

      J Burgraff 

      6 years ago

      Don't know what a botnet or rootkit is. Nonetheless your article was useful in terms of putting together an annotated bibliography.

    working

    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, hubpages.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://hubpages.com/privacy-policy#gdpr

    Show Details
    Necessary
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
    Features
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Marketing
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Statistics
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)