8 research outputs found

    Characterisation of the Kelihos.B Botnet

    Abstract. Botnets are organized networks of infected computers that are used for malicious purposes. An example is Kelihos.B, a botnet of the Kelihos family used primarily for mining bitcoins, sending spam and stealing bitcoin wallets. A large part of the Kelihos.B botnet was sinkholed in early 2012, and since then bots have been sending requests to controlled servers. In this paper, we analyze and characterize the behavior of Kelihos.B. Our analysis is based on the log file of the bot requests logged at the sinkhole from March 2012 to early November 2013. We investigate both the overall characteristics of the botnet and its evolution over time since the sinkholing. Our results indicate that, although this trend is decreasing, there are possibly still newly infected bots even more than a year after the original sinkholing.

    A Tool for Generating Automata of IEC60870-5-104 Implementations

    Power distribution networks are often controlled using the communication protocol IEC 60870-5-104 (IEC-104). While a specification exists, not every device implementing this protocol actually follows this specification. We present mealy104, a tool that infers finite-state automata from IEC-104 implementations, and use it on a real device implementing IEC-104, comparing it to the protocol standard. We use the tool to show that implementations do deviate from the specification.