Andbot: Towards Advanced Mobile Botnets

With the rapid development of the computing and Internet access (i.e., using WiFi, GPRS and 3G) capabilities of smartphones, constructing practical mobile botnets has become an underlying trend. In this paper, we introduce the design of a mobile botnet called Andbot which exploits a novel command and control (C&C) strategy named URL Flux. The proposed Andbot would have desirable features including being stealthy, resilient and low-cost (i.e., low battery power consumption, low traffic consumption and low money cost) which promise to be appealing for botmasters. To prove the efficacy of our design, we implemented the prototype of Andbot in the most popular open source smartphone platform Android (Google) and evaluated it. The preliminary experiment results show that the design of Andbot is suitable for smartphones and hard to defend against. We believe that mobile botnets similar to Andbot will break out in the near future, consequently, security defenders should pay more attention to this kind of advanced mobile botnet in the early stage. The goal of our work is to increase the understanding of mobile botnets which will promote the development of more efficient countermeasures. To conclude our paper, we suggest possible defenses against the emerging threat. Keywords-Botnet;smartphone;mobile;C&C;URL Flux