A system to combat Botnet illegal activities.
LA PORTA, ISIDORO SILVIO
2010
Abstract
Botnets are becoming one of the most serious threats to Internet security. A botnet is a network of compromised machines, called bots, under the control of a human operator, called the botmaster. The botmaster uses the botnet to launch attacks such as distributed denial-of-service (DDoS) attacks and to perform fraudulent activities such as spamming and phishing. A botmaster uses a Command and Control (C&C) network to send commands to bots and to coordinate attacks and fraudulent actions. In this thesis we propose two tools, BLOBOT (BLOcking BOTs) and Bloumail (Blocking Unwanted Mail), designed to block the activities of botnets. BLOBOT strives to detect the presence of a botnet by detecting its C&C network. BLOBOT detects both IRC-based and HTTP-based C&C networks and can be easily extended to support other kinds of protocols as needed. Botnets are also effective tools for spamming because they allow large-scale, mostly undetected attacks. By compromising a large number of bots, spammers can transmit thousands of spam emails in a short period of time. Furthermore, it is difficult to detect and blacklist bots because each bot sends only a few spam emails in a short period of time. For this purpose we create Bloumail, a tool for detecting and blocking bot-generated spam directly at the originator side. In this way we operate on a single user's traffic, handling a reduced amount of very specific traffic, and are thus able to detect spam in real time. For both tools we have performed usability and functional tests that have proved both their effectiveness in detecting and stopping botnets and their simplicity and practicality of use.

| File | Size | Format |
|---|---|---|
| Beginend.pdf (embargoed until 03/06/2050; Type: Other attached material; License: All rights reserved) | 3.64 MB | Adobe PDF |
Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/20.500.14242/133113
URN:NBN:IT:UNIPI-133113