Sample Annotated Bibliography for the Botnet Menace
Published: January 19, 2012
An author should maintain a record of the sources consulted while developing a research paper. The author may then include this record in the paper as a reference sheet or bibliography. The difference between the two is that a reference sheet should include only sources cited in the paper, and every source listed in the reference sheet should be cited in the paper. A bibliography, on the other hand, lists every source the author consulted while researching the topic, whether the author cited the source or not.
An annotated bibliography lists each source along with a description of the content of the source and the author's intention for using the source: what does the source provide? Professors often require learners in higher education to submit an annotated bibliography to document the research process for a major project, such as a program thesis.
This author developed a series of hubs to document the menace of rootkits and botnets. The following annotated bibliography documents the research process used to develop that hub, which was adapted from an actual thesis submitted to fulfill the requirements of a degree program in Information Security. The reader may consult this sample annotated bibliography to determine the proper format.
Baskin, B., Bradley, T., Faircloth, J., Schiller, C. A., Caruso, K., Piccard, P., James, L. (2006). Combating Spyware in the Enterprise: Discover, Detect, and Eradicate the Internet’s Greatest Threat [Electronic version]. Rockland, MA: Syngress Publishing. Available from the Capella University ebrary at http://site.ebrary.com
Chapter 1 of this book provides a glimpse into the benign development and uses for botnets and also lists some specific botnet and Trojans. The information will be used in the introductory sections and possibly the specific threats section.
Bacher, P., Holz, T., Kotter, M., and Wicherski, G. (2005). Know your enemy: Tracking botnets. Using honeynets to learn more about bots. The Honeynet Project & Research Alliance. Available from http://www.honeynet.org/papers/bots/.
One method of discovering new rootkits and botnets is to use honeypots to act as decoys then analyze the activity on the honeypots. This article explores another use of honeypots, which is tracking the locations of various botnets.
Berinato, S. (2007). One-Stop Shopping for Hackers. PCWorld. Available from http://www.pcworld.com
This article explores the existence of a website located in Russia named loads.cc that operates a botnet possibly comprising over 500,000 machines. The operators of the site sell access to the botnet to anyone for a very low price. This article will be used to demonstrate some of the illegal money-making uses of botnets.
Best Security Tips (2007). Windows security: Symantec’s top 10 security trends of 2007. Available from http://www.bestsecuritytips.com/news+article.storyid+401.htm
This page provides insight into the exploits that have plagued users the most in 2007. Among the listed trends are bots. This site also demonstrates some of the social engineering attacks that users may fall prey to.
Broersma, M. (2008). Researchers 'Poison' Storm Botnet. Techworld.com. Available from http://www.pcworld.com/article/id,145171-page,1/article.html#.
Researchers have discovered methods to crawl the storm botnet and disrupt the command and control structure by using a poisoning technique. This information provides insight into some methods to curtail the effectiveness of botnets.
Cogswell, B., and Russinovich, M. (2006). RootkitRevealer v1.71. Microsoft TechNet. Available from http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
This article provides information on the types of rootkits as part of the description of RootkitRevealer, which is a rootkit detection package written to run on Microsoft Windows NT 4 and later platforms.
Dawada, K. (2006). The rootkit and botnet menace. Network Magazine. Available from http://www.networkmagazineindia.com/200601/techscope200607.shtml
“Botnets and rootkits have been around for a while but their combination into a unified, malicious attack tool has caused shockwaves worldwide” (Dawada, 2006). This article discusses the cloaking capabilities that the new breed of botnets has obtained by incorporating rootkit technology.
Delio, M. (2004). Browser hijackers ruining lives. Wired. Available from http://www.wired.com
A worst case scenario is portrayed in this article, which demonstrates the possible consequences of a user’s machine becoming infected with malware. This may be used in the legislation and consequences section.
Dignan, L., and McFeters, N. (2007). Storm worm botnet partitions for sale. ZDNet. Available from http://blogs.zdnet.com/security/?p=592
The success of the Storm worm has intrigued and frustrated security researchers, as this article indicates by reporting that the botnet is being broken up into small chunks and sold to the highest bidder.
Federal Trade Commission (2004). The CAN-SPAM Act: Requirements for commercial emailers. Available from http://www.ftc.gov/
This web site provides the details of the CAN-SPAM Act and will be used in the legislation and consequences section of the paper.
GMER (2007). All your rootkits are belong to us. Available from http://www.gmer.net/index.php.
GMER is a rootkit detection and removal tool that is available from the above link. Using a variety of detection tools aids the security practitioner in discovering rootkits.
Gu, G., Zhang, J., and Lee, W. (n.d.). BotSniffer: Detecting botnet command and control channels in network traffic. Georgia Institute of Technology. Available from http://www-static.cc.gatech.edu
Command and control detection strategies are presented in the paper. The contained information could be useful in the functional and detection sections.
Harley, D., and Lee, A. (2007). The root of all evil? – Rootkits revealed. ESET LLC. Available from http://www.eset.com
This paper aims to assess the realities of the rootkit threat, and to examine the state of the solutions available. Useful insight into the magnitude of the rootkit threat is illustrated in this paper.
Hidalgo, A. (2007). Trojan.Peacomm: Building a peer-to-peer botnet. Symantec. Available from https://forums.symantec.com/syment/blog/article?message.uid=305096
The specific threat of a Trojan named Peacomm is described in this article. Included is a description of how the Trojan builds a network and the downloaded files. This provides a specific example for the specific threats section.
Huntington, G. (2006). Battling the botnets and rootkits: A layered strategy. Huntington Ventures Limited. Available from http://www.authenticationworld.com/Authentication-Enterprise-Security/BattlingBotnetsAndTootkits-ALayeredIdentityStrategy2006.pdf
A ten-layer approach to protecting organizations from the threat of botnets and rootkits is presented in this white paper. This information will aid in the defenses portion of the paper.
Leyden, J. (2006). Homeland security urges DRM rootkit ban. The Register. Available from http://www.theregister.co.uk/2006/02/17/rootkit/
This article demonstrates an issue in the recording industry that led to the introduction of rootkit software on a music publisher’s CDs. Sony introduced a rootkit as a part of their Digital Rights Management (DRM) technology and possibly placed users’ computers at risk. The article also mentions possible legislation that may result from the action on Sony’s part.
McDowell, M. (2004). Avoiding Social Engineering and Phishing Attacks. Cyber Security Tip ST04-014. US-CERT. Available from http://www.us-cert.gov/cas/tips/ST04-014.html
Rootkits do not gain entry to systems but permit reentry to systems that have already been compromised. This article explains the tactics of social engineering and phishing, which are the methods by which most rootkits gain their presence.
McDowell, M. (2006). Understanding hidden threats: Rootkits and botnets. Cyber Security Tip ST06-001. United States Computer Emergency Readiness Team. Available from http://www.us-cert.gov/cas/tips/ST06-001.html
This security alert from US-CERT describes the existence of rootkits and botnets. This article provides a description of what a botnet is and provides some suggestions on how to protect a system.
McMillan, R. (2008). RSA Conference: Web page can take over your router. PCWorld. Available from http://www.pcworld.com/article/id,144224-page,1/article.html#
This article demonstrates that the rootkit threat is not limited to host computers but may also infect routers and infrastructure devices. This information will provide insight into the true scope of the threat.
Minasi, M. (2005). Follow-Up: Why Microsoft can't stop root kits. Windows IT Pro. Available from http://windowsitpro.com/article/articleid/45518/follow-up-why-microsoft-cant-stop-root-kits.html
The author provides a basic analysis of how rootkits hide themselves and why rootkit removal is such a problem with Microsoft products. This information will be used in the defenses section of the paper.
Schiller, C. (2007). Botnets. Network and Systems Professionals Association. Available from http://www.naspa.com
An in-depth look at botnets, including organization, command and control structures, and infection removal techniques, is provided in this article. The internal workings of rootkits and their structure are a major topic of my project.
Spammer-X. (2004). Inside the SPAM Cartel: Trade Secrets from the Dark Side [Electronic version]. Rockland, MA: Syngress Publishing. Available from http://site.ebrary.com.library.capella.edu/lib/capella/Top?channelName=capella&cpage=1&f00=text&frm=smp.x&hitsPerPage=20&id=10069072&layout=document&p00=botnets&sch=%A0%A0%A0%A0%A0Search%A0%A0%A0%A0%A0&sortBy=score&sortOrder=desc.
Chapter three of this book provides some insight into the history of botnets and their appeal to spammers. This may prove useful in the background section of the paper.
United States Department of Justice. (1997). The national information infrastructure protection act of 1996 legislative analysis. Available from www.usdoj.gov
This article prepared by the United States Department of Justice provides an analysis of a law designed to protect the nation’s information infrastructure. This information will be used in the legislation section.
Vijayan, J. (2007). Information Security News: Hackers now offer subscription services, support for their malware [Electronic version]. Computerworld. Available from http://seclists.org/isn/2007/Apr/0017.html
This report provides information on the existence of businesses that sell malware online, turning malware publication into big business complete with subscription services and support facilities.