Analysis of a “/0” Stealth Scan from a Botnet

Alberto Dainotti1, Alistair King1, Kimberly Claffy1, Ferdinando Papale2, and Antonio Pescape´2

Botnets are a collection of devices used to perform cyber-criminal activity, one of the largest identified botnets is Sality. Dainotti et al. used STARDUST to observe and analyze the Sality botnet’s (one of the largest botnets ever observed) 12-day horizontal scan in February 2011. Studying the scan allows researchers to better understand the evolving botnet behavior and the advances in modern day malware.

The image above represents the source hosts’ location and number of hosts (proportional to the circle size) as well as the number of packets sent (represented by the color).

Continue reading