Botnets account for a substantial portion of cybercrime. Botmasters utilize darkweb marketplaces to promote and provide their services, which can vary from renting or buying a botnet (or parts of it) to hiring services (e.g., distributed denial of service attacks). At the same time, botnet takedown attempts have proven to be challenging, demanding a combination of technical and legal methods, and often requiring the collaboration of a plethora of entities with varying jurisdictions. In this article, we map the elements associated with the business aspect of botnets and utilize them to develop adaptations of two widely used business models. Furthermore, we analyze the 28 most notable botnet takedown operations carried out from 2008 to 2021, in regard to the methods employed, and illustrate the correlation between these methods and the segments of our adapted business models. Our analysis suggests that the botnet takedown methods have been mainly focused on the technical side, but not on the botnet economic components. We aim to shed light on new takedown vectors and incentivize takedown actors to expand their efforts to methods oriented more toward the business side of botnets, which could contribute toward eliminating some of the challenges that surround takedown operations.
Bibliographical notePublisher Copyright:
© 2023 Copyright held by the owner/author(s). Publication rights licensed to ACM.
- Additional Key Words and PhrasesCybercrime
- business models