Date Added: Nov 2009
Botnets, networks of compromised machines remotely controlled and instructed to work in a coordinated fashion, have had an epidemic diffusion over the Internet and represent one of today's most insidious threat. This paper presents an open framework called Dorothy that permits to monitor the activity of a botnet. The paper proposes to characterize a botnet behavior through a set of parameters and a graphical representation. In a case study, one infiltrated and monitored a botnet named siwa collecting information about its functional structure, geographical distribution, communication mechanisms, command language and operations.