{"id":"https://openalex.org/W2546296060","doi":"https://doi.org/10.1109/malware.2014.6999411","title":"Fighting banking botnets by exploiting inherent command and control vulnerabilities","display_name":"Fighting banking botnets by exploiting inherent command and control vulnerabilities","publication_year":2014,"publication_date":"2014-10-01","ids":{"openalex":"https://openalex.org/W2546296060","doi":"https://doi.org/10.1109/malware.2014.6999411","mag":"2546296060"},"language":"en","primary_location":{"id":"doi:10.1109/malware.2014.6999411","is_oa":false,"landing_page_url":"https://doi.org/10.1109/malware.2014.6999411","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5035321347","display_name":"Lanier Watkins","orcid":"https://orcid.org/0000-0002-3322-1833"},"institutions":[{"id":"https://openalex.org/I145311948","display_name":"Johns Hopkins University","ror":"https://ror.org/00za53h95","country_code":"US","type":"education","lineage":["https://openalex.org/I145311948"]},{"id":"https://openalex.org/I4210114877","display_name":"Johns Hopkins Center for Health Security","ror":"https://ror.org/01fhm1y42","country_code":"US","type":"education","lineage":["https://openalex.org/I4210114877"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Lanier Watkins","raw_affiliation_strings":["Information Security Institute, Johns Hopkins University, Baltimore, MD, USA"],"affiliations":[{"raw_affiliation_string":"Information Security Institute, Johns Hopkins University, Baltimore, MD, USA","institution_ids":["https://openalex.org/I4210114877","https://openalex.org/I145311948"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020597196","display_name":"Christina Kawka","orcid":null},"institutions":[{"id":"https://openalex.org/I145311948","display_name":"Johns Hopkins University","ror":"https://ror.org/00za53h95","country_code":"US","type":"education","lineage":["https://openalex.org/I145311948"]},{"id":"https://openalex.org/I4210114877","display_name":"Johns Hopkins Center for Health Security","ror":"https://ror.org/01fhm1y42","country_code":"US","type":"education","lineage":["https://openalex.org/I4210114877"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Christina Kawka","raw_affiliation_strings":["Information Security Institute, Johns Hopkins University, Baltimore, MD, USA"],"affiliations":[{"raw_affiliation_string":"Information Security Institute, Johns Hopkins University, Baltimore, MD, USA","institution_ids":["https://openalex.org/I4210114877","https://openalex.org/I145311948"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065740082","display_name":"Cherita Corbett","orcid":null},"institutions":[{"id":"https://openalex.org/I2802946424","display_name":"Johns Hopkins University Applied Physics Laboratory","ror":"https://ror.org/029pp9z10","country_code":"US","type":"facility","lineage":["https://openalex.org/I145311948","https://openalex.org/I2802946424"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Cherita Corbett","raw_affiliation_strings":["Johns Hopkins University, Applied Physics Laboratory, Laurel, MD, USA"],"affiliations":[{"raw_affiliation_string":"Johns Hopkins University, Applied Physics Laboratory, Laurel, MD, USA","institution_ids":["https://openalex.org/I2802946424"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5106128999","display_name":"William H. Robinson","orcid":"https://orcid.org/0000-0001-9291-689X"},"institutions":[{"id":"https://openalex.org/I200719446","display_name":"Vanderbilt University","ror":"https://ror.org/02vm5rt34","country_code":"US","type":"education","lineage":["https://openalex.org/I200719446"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"William H. Robinson","raw_affiliation_strings":["Security and Fault Tolerance (SAF-T), Research Group Vanderbilt University, Nashville, TN, USA"],"affiliations":[{"raw_affiliation_string":"Security and Fault Tolerance (SAF-T), Research Group Vanderbilt University, Nashville, TN, USA","institution_ids":["https://openalex.org/I200719446"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5035321347"],"corresponding_institution_ids":["https://openalex.org/I145311948","https://openalex.org/I4210114877"],"apc_list":null,"apc_paid":null,"fwci":0.5823,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.71465772,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"93","last_page":"100"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.9217759370803833},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8735483884811401},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7915355563163757},{"id":"https://openalex.org/keywords/offensive","display_name":"Offensive","score":0.727608323097229},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6678951978683472},{"id":"https://openalex.org/keywords/zeus","display_name":"ZEUS (particle detector)","score":0.6124162673950195},{"id":"https://openalex.org/keywords/command-and-control","display_name":"Command and control","score":0.6103076338768005},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5742672085762024},{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.4945659339427948},{"id":"https://openalex.org/keywords/cybercrime","display_name":"Cybercrime","score":0.49408724904060364},{"id":"https://openalex.org/keywords/phishing","display_name":"Phishing","score":0.46243178844451904},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.46075233817100525},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.29750901460647583},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.25454825162887573},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.23678600788116455},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.14094653725624084},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.11229532957077026},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.0705016553401947}],"concepts":[{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.9217759370803833},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8735483884811401},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7915355563163757},{"id":"https://openalex.org/C176856949","wikidata":"https://www.wikidata.org/wiki/Q2001676","display_name":"Offensive","level":2,"score":0.727608323097229},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6678951978683472},{"id":"https://openalex.org/C2776444479","wikidata":"https://www.wikidata.org/wiki/Q8063038","display_name":"ZEUS (particle detector)","level":5,"score":0.6124162673950195},{"id":"https://openalex.org/C506615639","wikidata":"https://www.wikidata.org/wiki/Q21662260","display_name":"Command and control","level":2,"score":0.6103076338768005},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5742672085762024},{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.4945659339427948},{"id":"https://openalex.org/C2779390178","wikidata":"https://www.wikidata.org/wiki/Q29137","display_name":"Cybercrime","level":3,"score":0.49408724904060364},{"id":"https://openalex.org/C83860907","wikidata":"https://www.wikidata.org/wiki/Q135005","display_name":"Phishing","level":3,"score":0.46243178844451904},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.46075233817100525},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.29750901460647583},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.25454825162887573},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.23678600788116455},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.14094653725624084},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.11229532957077026},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0705016553401947},{"id":"https://openalex.org/C191486275","wikidata":"https://www.wikidata.org/wiki/Q210028","display_name":"Scattering","level":2,"score":0.0},{"id":"https://openalex.org/C42475967","wikidata":"https://www.wikidata.org/wiki/Q194292","display_name":"Operations research","level":1,"score":0.0},{"id":"https://openalex.org/C89473665","wikidata":"https://www.wikidata.org/wiki/Q2748917","display_name":"Deep inelastic scattering","level":4,"score":0.0},{"id":"https://openalex.org/C120665830","wikidata":"https://www.wikidata.org/wiki/Q14620","display_name":"Optics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C142199849","wikidata":"https://www.wikidata.org/wiki/Q3027672","display_name":"Inelastic scattering","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/malware.2014.6999411","is_oa":false,"landing_page_url":"https://doi.org/10.1109/malware.2014.6999411","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W116656696","https://openalex.org/W1977415353","https://openalex.org/W1992713826","https://openalex.org/W2018358859","https://openalex.org/W2018468546","https://openalex.org/W2054897983","https://openalex.org/W2086553822","https://openalex.org/W2166844173","https://openalex.org/W6672210858"],"related_works":["https://openalex.org/W4366502726","https://openalex.org/W2023038964","https://openalex.org/W2075358766","https://openalex.org/W2981036578","https://openalex.org/W2294483539","https://openalex.org/W4289527657","https://openalex.org/W2578193553","https://openalex.org/W1985998952","https://openalex.org/W3127702456","https://openalex.org/W2112110713"],"abstract_inverted_index":{"Malware":[0],"poses":[1],"a":[2,131,198,230],"significant":[3],"threat":[4],"to":[5,17,82,93,133,140],"commerce":[6],"and":[7,38,71,85,114,127,194,209,217,244],"banking":[8,13,52],"systems.":[9],"Specifically,":[10],"the":[11,65,80,112,116,143,155,162,169,179,189,195,205,218,238],"Zeus":[12,56,164,180,239],"botnet":[14],"is":[15,107],"reported":[16],"have":[18],"caused":[19],"more":[20],"than":[21],"100":[22],"million":[23],"dollars":[24],"in":[25,39,98,178,204],"damages.":[26],"This":[27],"type":[28],"of":[29,51,68,104,157,200,226,232],"malware":[30,125],"has":[31],"been":[32],"around":[33],"for":[34,44,146],"over":[35,46],"ten":[36],"years,":[37],"2013":[40],"alone":[41],"was":[42],"responsible":[43],"compromising":[45],"one-million":[47],"computers.":[48],"The":[49,102,173],"impact":[50],"botnets":[53],"(i.e.,":[54,150,191],"typically":[55],"or":[57,246],"its":[58,108],"derivatives)":[59],"can":[60,90],"be":[61,91],"lessened":[62],"by":[63,160],"exploiting":[64],"inherent":[66],"vulnerabilities":[67,84],"their":[69,99],"command":[70],"control":[72,203],"(C&C).":[73],"Our":[74,221],"approach":[75,106,139,159],"involves:":[76],"(1)":[77,185],"fuzz":[78],"testing":[79],"C&C":[81,113,170,182,216],"identify":[83],"(2)":[86,197],"designing":[87],"exploits":[88],"that":[89,167,224],"used":[92],"make":[94],"bot-herders":[95],"less":[96],"effective":[97],"criminal":[100],"endeavors.":[101],"novelty":[103],"our":[105,138],"focus":[109],"on":[110],"interrogating":[111],"not":[115,122],"compromised":[117],"clients;":[118],"however":[119],"we":[120,136],"do":[121],"discourage":[123],"traditional":[124,134],"removal":[126],"clean-up":[128],"processes.":[129],"As":[130],"complement":[132],"processes,":[135],"offer":[137],"organizations":[141],"with":[142],"proper":[144,201],"authority":[145],"an":[147],"active":[148],"defense":[149],"offensive":[151,233],"measures).":[152],"We":[153],"demonstrate":[154],"feasibility":[156],"this":[158],"using":[161],"leaked":[163],"2.0.8.9":[165,181],"toolkit":[166],"included":[168],"web":[171,183,206],"application.":[172],"following":[174],"security":[175,228],"flaws":[176],"exist":[177],"application:":[184],"no":[186],"authentication":[187,214],"between":[188,215],"zbot":[190],"client-side":[192],"malware)":[193],"C&C,":[196,240],"lack":[199],"access":[202],"application":[207],"folders,":[208],"(3)":[210],"simple":[211],"clear":[212],"text":[213],"remote":[219],"bot-herder.":[220],"results":[222],"suggest":[223],"because":[225],"these":[227],"flaws,":[229],"range":[231],"measures":[234],"are":[235],"viable":[236],"against":[237],"including":[241],"Buffer-Overflow,":[242],"Denial-of-Service,":[243],"Dictionary":[245],"Brute":[247],"Force":[248],"Attacks.":[249]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2015,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}