PDF-based Spread Research Of Experimental Botnet

Posted on: 2014-01-30
Degree: Master
Type: Thesis
Country: China
Candidate: G Yang
GTID: 2248330398459810
Subject: Information security

Abstract/Summary:
With the rapid development of the Internet, our ways of working and living have changed in the Information Age. The Internet makes work and entertainment much more convenient, but it also brings serious security problems. The botnet, which originated from traditional Trojan horses and worms, has been playing an increasingly important role in many kinds of cyber crime. As a general attack platform, a botnet can bring huge economic benefits in different ways, such as launching DDoS attacks against a competitor's server, sending spam in bulk, stealing bank account numbers and passwords, and even selling PC users' private information. This shows that botnets threaten the security of our work and life, and we must pay close attention to preventing them. Moreover, malicious PDF documents have also grown rapidly as a result of the spread of PDF in offices. As an effective transmission medium, PDF can also be used to increase the scale of a botnet, and the scale of the network is one of the key factors in its benefits. Hence, based on an analysis of botnet and PDF structures, we propose a new idea: making PDF a new transmission medium for botnets. It is very important to analyze possible malicious threats and take precautions in advance.

We first introduce the current state of development and the research progress of botnets. We also present key technologies, such as the command and control channel, as a reference for programming our experimental botnet. Second, we introduce the PDF document structure, focusing on analysis of the physical and logical structure of PDF. An exact and thorough understanding of the physical structure of PDF is necessary for choosing the appropriate location to embed our JavaScript code. Understanding the logical structure helps us conform to the PDF standard and keep our new PDF with embedded JavaScript legal.

Furthermore, we summarize the main methods used by malicious PDFs and take two newly reported PDF vulnerabilities as examples to introduce the key idea of activating the embedded code. Based on the above work, we program the experimental botnet. We choose UDP as the communication protocol, use remote injection to hide the bot process, and implement autorun of the bot client by registering system services. Finally, we build the visual network environment to test the effectiveness of the experimental botnet with the basic model of botnet transmission by PDF.
Keywords/Search Tags: Botnet, malicious PDF, JavaScript overflow