Security of Czech army information and communication systems - On-line monitoring, Visualization and Packet Filtration. Computer Incident Response Capability Development in the Cyber Defence Environment
Chuck Norris botnet analysis
Botnet analysis
The Chuck Norris botnet is Linux malware that attacks Linux MIPS devices, usually ADSL modems and routers. It was discovered at Masaryk University at the end of 2009. The main threat of this botnet is that these devices have access to all of a user's network traffic, and because it attacks network infrastructure, it is hard to detect.
Chuck Norris botnet (slides for European Conference on Computer Network Defense 2010, Berlin, Germany)
An Analysis of the Chuck Norris Botnet 2 (technical report, published March 8th, 2011)
New:
Revealing Botnets Using Network Traffic Statistics (slides for Security and Protection of Information 2011, Brno, Czech Republic)
Chuck Norris in news
English
- PCWorld - Chuck Norris botnet karate-chops routers hard
- Darkreading - Czech Researchers Say 'Chuck Norris' Kicks Bots
- Switched - 'Chuck Norris' Botnet Drop Kicks Internet Routers Worldwide
- CircleID - Chuck Norris Botnet and Broadband Routers
- The Register - Chuck Norris botnet doesn't infect routers... ...it stares them down until they infect themselves
- Trend Labs Malware blog - Botnet Rises in the Name of Chuck Norris
Czech
- Ministerstvo obrany - Czech cyber defence specialists discovered a new cyber attack
- Sedmička - "Next time, perhaps refrigerators will attack you"
- Euro - Czech specialists discovered the Chuck Norris hacker network
- muni.cz - Computer scientists discovered a new type of cyber attack
- iDnes - Czech experts uncovered the "Chuck Norris" virus, which snooped in computers around the world
- Novinky - Czech experts uncovered the Chuck Norris network, which stole information from computers
Detection tool
The detection tool, named cndet, is an NfSen plugin. It identifies the malware from NetFlow data using several detection patterns of the botnet's behaviour. It detects infected devices in the local network and also monitors botnet activity outside the local network (by observing incoming attempts).
Presentation of the detection module (FloCon 2011, Salt Lake City, USA)
Presentation of detection methods (78th IETF meeting, Maastricht, The Netherlands)
Screenshot
Download
- version 1.1.1, SHA-1 checksum, readme.txt, release date: May 24, 2011
- version 1.1.0, SHA-1 checksum, readme.txt, release date: December 21, 2010
- version 1.0.0, SHA-1 checksum, readme.txt, release date: November 16, 2010












