{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,25]],"date-time":"2026-01-25T03:30:07Z","timestamp":1769311807213,"version":"3.49.0"},"reference-count":144,"publisher":"Association for Computing Machinery (ACM)","issue":"11","license":[{"start":{"date-parts":[[2023,2,9]],"date-time":"2023-02-09T00:00:00Z","timestamp":1675900800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2023,11,30]]},"abstract":"<jats:p>Botnets account for a substantial portion of cybercrime. Botmasters utilize darkweb marketplaces to promote and provide their services, which can vary from renting or buying a botnet (or parts of it) to hiring services (e.g., distributed denial of service attacks). At the same time, botnet takedown attempts have proven to be challenging, demanding a combination of technical and legal methods, and often requiring the collaboration of a plethora of entities with varying jurisdictions. In this article, we map the elements associated with the business aspect of botnets and utilize them to develop adaptations of two widely used business models. Furthermore, we analyze the 28 most notable botnet takedown operations carried out from 2008 to 2021, in regard to the methods employed, and illustrate the correlation between these methods and the segments of our adapted business models. Our analysis suggests that the botnet takedown methods have been mainly focused on the technical side, but not on the botnet economic components. We aim to shed light on new takedown vectors and incentivize takedown actors to expand their efforts to methods oriented more toward the business side of botnets, which could contribute toward eliminating some of the challenges that surround takedown operations.<\/jats:p>","DOI":"10.1145\/3575808","type":"journal-article","created":{"date-parts":[[2022,12,15]],"date-time":"2022-12-15T14:22:04Z","timestamp":1671114124000},"page":"1-39","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":20,"title":["Botnet Business Models, Takedown Attempts, and the Darkweb Market: A Survey"],"prefix":"10.1145","volume":"55","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5842-1236","authenticated-orcid":false,"given":"Dimitrios","family":"Georgoulias","sequence":"first","affiliation":[{"name":"Aalborg University, Copenhagen, Denmark"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1903-2921","authenticated-orcid":false,"given":"Jens Myrup","family":"Pedersen","sequence":"additional","affiliation":[{"name":"Aalborg University, Copenhagen, Denmark"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2649-215X","authenticated-orcid":false,"given":"Morten","family":"Falch","sequence":"additional","affiliation":[{"name":"Aalborg University, Copenhagen, Denmark"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5068-9158","authenticated-orcid":false,"given":"Emmanouil","family":"Vasilomanolakis","sequence":"additional","affiliation":[{"name":"Technical University of Denmark, Kongens Lyngby, Denmark"}]}],"member":"320","published-online":{"date-parts":[[2023,2,9]]},"reference":[{"key":"e_1_3_2_2_2","unstructured":"Tokunbo Agbolade. 2020. Value Chain Analysis: An Internal Assessment of Competitive Advantage. Retrieved December 22 2022 from https:\/\/www.business-to-you.com\/value-chain\/."},{"key":"e_1_3_2_3_2","unstructured":"Wajeeha Ahmad. 2019. Why Botnets Persist: Designing Effective Technical and Policy Interventions. Retrieved December 22 2022 from https:\/\/internetpolicy.mit.edu\/wp-content\/uploads\/2019\/09\/publications-ipri-2019-02.pdf."},{"key":"e_1_3_2_4_2","unstructured":"Akamai. 2020. Ransom Demands Return: New DDoS Extortion Threats from Old Actors Targeting Finance and Retail. Retrieved December 22 2022 from https:\/\/blogs.akamai.com\/sitr\/2020\/08\/ransom-demands-return-new-ddos-extortion-threats-from-old-actors-targeting-finance-and-retail.html."},{"key":"e_1_3_2_5_2","unstructured":"Bruce Sterling. 2008. Srizbi Botnet Re-commandeered spewing spam all over. https:\/\/www.wired.com\/2008\/11\/srizbi-botnet-r\/."},{"key":"e_1_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-015-2128-0"},{"key":"e_1_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.32"},{"key":"e_1_3_2_8_2","first-page":"517","volume-title":"Proceedings of the International Conference on Web Information Systems Engineering","author":"Anagnostopoulos Marios","year":"2017","unstructured":"Marios Anagnostopoulos, Georgios Kambourakis, Panagiotis Drakatos, Michail Karavolos, Sarantis Kotsilitis, and David K. Y. Yau. 2017. Botnet command and control architectures revisited: Tor hidden services and fluxing. In Proceedings of the International Conference on Web Information Systems Engineering. 517\u2013527. https:\/\/link.springer.com\/chapter\/10.1007\/978-3-319-68786-5_41."},{"key":"e_1_3_2_9_2","first-page":"1093","volume-title":"Proceedings of the 26th USENIX Security Symposium (USENIX Security\u201917)","author":"Antonakakis Manos","year":"2017","unstructured":"Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, et\u00a0al. 2017. Understanding the Mirai botnet. In Proceedings of the 26th USENIX Security Symposium (USENIX Security\u201917). 1093\u20131110."},{"key":"e_1_3_2_10_2","unstructured":"Dan Woods Sara Boddy and Shahnawaz Backer. 2020. Genesis Marketplace a Digital Fingerprint Darknet Store. Retrieved December 22 2022 from https:\/\/www.f5.com\/labs\/articles\/threat-intelligence\/genesis-marketplace--a-digital-fingerprint-darknet-store."},{"key":"e_1_3_2_11_2","unstructured":"BBC. 2013. FBI and Microsoft take down $500m-theft botnet Citadel. BBC . Retrieved December 22 2022 from https:\/\/www.bbc.com\/news\/technology-22795074#::text=The%20FBI%20and%20Microsoft%20have million%20machines%20to%20steal%20data."},{"key":"e_1_3_2_12_2","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2015.7165944"},{"key":"e_1_3_2_13_2","doi-asserted-by":"crossref","first-page":"511","DOI":"10.1007\/978-3-030-00470-5_24","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"B\u00f6ck Leon","year":"2018","unstructured":"Leon B\u00f6ck, Emmanouil Vasilomanolakis, Max M\u00fchlh\u00e4user, and Shankar Karuppayah. 2018. Next generation P2P botnets: Monitoring under adverse conditions. In Research in Attacks, Intrusions, and Defenses, Michael Bailey, Thorsten Holz, Manolis Stamatogiannakis, and Sotiris Ioannidis (Eds.). Springer International Publishing, Cham, Switzerland, 511\u2013531."},{"key":"e_1_3_2_14_2","unstructured":"John Bohannon. 2020. Why criminals can\u2019t hide behind Bitcoin. Science . Retrieved December 22 2022 from https:\/\/www.sciencemag.org\/news\/2016\/03\/why-criminals-cant-hide-behind-bitcoin."},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1145\/2659651.2659673"},{"key":"e_1_3_2_16_2","first-page":"441","article-title":"Bitcoin and money laundering: Mining for an effective solution","volume":"89","author":"Bryans Danton","year":"2014","unstructured":"Danton Bryans. 2014. Bitcoin and money laundering: Mining for an effective solution. Indiana Law Journal 89 (2014), 441.","journal-title":"Indiana Law Journal"},{"key":"e_1_3_2_17_2","unstructured":"Tom Burt. 2020. New action to disrupt world\u2019s largest online criminal network. Microsoft . Retrieved December 22 2022 from https:\/\/blogs.microsoft.com\/on-the-issues\/2020\/03\/10\/necurs-botnet-cyber-crime-disrupt\/."},{"key":"e_1_3_2_18_2","unstructured":"Mattha Busby. 2021. DarkMarket: World\u2019s Largest Illegal Dark Web Marketplace Taken Down. Retrieved December 22 2022 from https:\/\/www.europol.europa.eu\/newsroom\/news\/darkmarket-worlds-largest-illegal-dark-web-marketplace-taken-down."},{"key":"e_1_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.clsr.2021.105652"},{"key":"e_1_3_2_20_2","volume-title":"Proceedings of the 20th USENIX Security Symposium (USENIX Security\u201911)","author":"Caballero Juan","year":"2011","unstructured":"Juan Caballero, Chris Grier, Christian Kreibich, and Vern Paxson. 2011. Measuring pay-per-install: The commoditization of malware distribution. In Proceedings of the 20th USENIX Security Symposium (USENIX Security\u201911). 13. https:\/\/www.usenix.org\/conference\/usenix-security-11\/measuring-pay-install-commoditization-malware-distribution."},{"key":"e_1_3_2_21_2","unstructured":"Guy Caspi. 2020. Why Are We Losing the Cyberwar? Retrieved December 22 2022 from https:\/\/www.forbes.com\/sites\/forbestechcouncil\/2020\/01\/22\/why-are-we-losing-the-cyberwar\/."},{"key":"e_1_3_2_22_2","unstructured":"Microsoft News Center. 2013. Microsoft the FBI Europol and industry partners disrupt the notorious ZeroAccess botnet. Microsoft . Retrieved December 22 2022 from https:\/\/news.microsoft.com\/2013\/12\/05\/microsoft-the-fbi-europol-and-industry-partners-disrupt-the-notorious-zeroaccess-botnet\/."},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.2010.5634434"},{"key":"e_1_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.08.004"},{"key":"e_1_3_2_25_2","doi-asserted-by":"crossref","unstructured":"Catalin Cimpanu. 2020. Microsoft orchestrates coordinated takedown of Necurs botnet. ZDNET . Retrieved December 22 2022 from https:\/\/www.zdnet.com\/article\/microsoft-orchestrates-coordinated-takedown-of-necurs-botnet\/.","DOI":"10.1016\/S1353-4858(20)30026-X"},{"key":"e_1_3_2_26_2","first-page":"1","volume-title":"Proceedings on the 6th Annual Security Conference","author":"Cole Alma","year":"2007","unstructured":"Alma Cole, Michael Mellor, and Daniel Noyes. 2007. Botnets: The rise of the machines. In Proceedings on the 6th Annual Security Conference. ACM, New York, NY, 1\u201314."},{"key":"e_1_3_2_27_2","article-title":"The zombie roundup: Understanding, detecting, and disrupting botnets. In","author":"Cooke Evan","year":"2005","unstructured":"Evan Cooke, Farnam Jahanian, and Danny McPherson. 2005. The zombie roundup: Understanding, detecting, and disrupting botnets. In Proceedings of the Steps to Reducing Unwanted Traffic on the Internet Workshop (SRUTI\u201905). 39\u201344.","journal-title":"Proceedings of the Steps to Reducing Unwanted Traffic on the Internet Workshop (SRUTI\u201905)."},{"key":"e_1_3_2_28_2","unstructured":"Dylan Curran. 2018. My terrifying deep dive into one of Russia\u2019s largest hacking forums. The Guardian . Retrieved December 22 2022 from https:\/\/www.theguardian.com\/commentisfree\/2018\/jul\/24\/darknet-dark-web-hacking-forum-internet-safety."},{"key":"e_1_3_2_29_2","unstructured":"Mike Dalton. 2020. Can Monero Be Traced? How the U.S. Is Trying to Track the Privacy Coin. Retrieved December 22 2022 from https:\/\/www.bitrates.com\/news\/p\/can-monero-be-traced-how-the-us-is-trying-to-track-the-privacy-coin."},{"key":"e_1_3_2_30_2","unstructured":"A. Decker D. Sancho L. Kharouni M. Goncharov and R. McArdle. 2009. A study of the Pushdo\/Cutwail botnet."},{"key":"e_1_3_2_31_2","unstructured":"Photon Research Team Digital Shadows. 2020. With the Empire Falling Who Will Take Over the Throne? Retrieved December 22 2022 from https:\/\/www.digitalshadows.com\/blog-and-research\/with-the-empire-falling-who-will-take-over-the-throne\/."},{"key":"e_1_3_2_32_2","doi-asserted-by":"publisher","DOI":"10.5555\/2228340.2228349"},{"key":"e_1_3_2_33_2","doi-asserted-by":"crossref","first-page":"216","DOI":"10.1007\/978-3-642-14992-4_20","volume-title":"Proceedings of the International Conference on Financial Cryptography and Data Security","author":"Dittrich David","year":"2010","unstructured":"David Dittrich, Felix Leder, and Tillmann Werner. 2010. A case study in ethical decision making regarding remote mitigation of botnets. In Proceedings of the International Conference on Financial Cryptography and Data Security. 216\u2013230."},{"key":"e_1_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2018.8587327"},{"key":"e_1_3_2_35_2","unstructured":"Mike Ebinum. 2016. How To: Business Model Canvas Explained. Retrieved December 22 2022 from https:\/\/medium.com\/seed-digital\/how-to-business-model-canvas-explained-ad3676b6fe4a."},{"key":"e_1_3_2_36_2","unstructured":"EC-Council. 2019. A chronological look at the biggest botnet attacks of the 21st century. https:\/\/www.eccouncil.org\/cybersecurity-exchange\/ethical-hacking\/the-biggest-botnet-attacks-to-date\/."},{"key":"e_1_3_2_37_2","unstructured":"EMCDDA. 2020. EMCDDA Special Report: COVID-19 and Drugs\u2014Drug Supply via DarkNet Markets. Retrieved December 22 2022 from https:\/\/www.emcdda.europa.eu\/publications\/ad-hoc\/covid-19-and-drugs-drug-supply-via-darknet-markets."},{"key":"e_1_3_2_38_2","unstructured":"Enisa. 2020. ENISA Threat Landscape 2020\u2014Cryptojacking. Retrieved December 22 2022 from https:\/\/www.enisa.europa.eu\/publications\/enisa-threat-landscape-2020-cryptojacking."},{"key":"e_1_3_2_39_2","unstructured":"Enisa. 2020. ENISA Threat Landscape 2020: Cyber Attacks Becoming More Sophisticated Targeted Widespread and Undetected. Retrieved December 22 2022 from https:\/\/www.enisa.europa.eu\/news\/enisa-news\/enisa-threat-landscape-2020."},{"issue":"3","key":"e_1_3_2_40_2","first-page":"71","article-title":"To improve cybersecurity, think like a hacker","volume":"58","author":"Esteves Jose","year":"2017","unstructured":"Jose Esteves, Elisabeth Ramalho, and Guillermo De Haro. 2017. To improve cybersecurity, think like a hacker. MIT Sloan Management Review 58, 3 (2017), 71.","journal-title":"MIT Sloan Management Review"},{"key":"e_1_3_2_41_2","unstructured":"Europol. 2014. Global Action Targeting Shylock Malware. Retrieved December 22 2022 from https:\/\/www.europol.europa.eu\/newsroom\/news\/global-action-targeting-shylock-malware."},{"key":"e_1_3_2_42_2","unstructured":"Europol. 2015. Botnet Taken Down through International Law Enforcement Cooperation. Retrieved December 22 2022 from https:\/\/www.europol.europa.eu\/newsroom\/news\/botnet-taken-down-through-international-law-enforcement-cooperation."},{"key":"e_1_3_2_43_2","unstructured":"Europol. 2016. \u2018Avalance\u2019 Network Dismantled in International Cyber Operation. Retrieved December 22 2022 from https:\/\/www.europol.europa.eu\/newsroom\/news\/%E2%80%98avalanche%E2%80%99-network-dismantled-in-international-cyber-operation."},{"key":"e_1_3_2_44_2","unstructured":"Europol. 2019. MONEY MULING: Public awareness and prevention. Retrieved December 22 2022 from https:\/\/www.europol.europa.eu\/operations-services-and-innovation\/public-awareness-and-prevention-guides\/money-muling."},{"key":"e_1_3_2_45_2","unstructured":"Europol. 2021. World\u2019s Most Dangerous Malware EMOTET Disrupted through Global Action. Retrieved December 22 2022 from https:\/\/www.europol.europa.eu\/newsroom\/news\/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action."},{"key":"e_1_3_2_46_2","unstructured":"Flashpoint. 2020. Pricing Analysis: Dark Web Marketplaces 2020. Retrieved December 22 2022 from https:\/\/go.flashpoint-intel.com\/docs\/flashpoint-pricing-analysis-dark-web-marketplaces-2020."},{"key":"e_1_3_2_47_2","doi-asserted-by":"publisher","DOI":"10.1145\/1278940.1278942"},{"key":"e_1_3_2_48_2","unstructured":"Nathan Friess and John Aycock. 2007. Black Market Botnets. Retrieved December 22 2022 from https:\/\/prism.ucalgary.ca\/handle\/1880\/45380."},{"key":"e_1_3_2_49_2","doi-asserted-by":"publisher","DOI":"10.1109\/Cybermatics_2018.2018.00219"},{"key":"e_1_3_2_50_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.05.011"},{"key":"e_1_3_2_51_2","doi-asserted-by":"publisher","DOI":"10.1109\/eCrime54498.2021.9738766"},{"key":"e_1_3_2_52_2","doi-asserted-by":"publisher","DOI":"10.1145\/3530877"},{"key":"e_1_3_2_53_2","unstructured":"Miguel Gomez. 2020. Dark Web Price Index 2020. Retrieved December 22 2022 from https:\/\/www.privacyaffairs.com\/dark-web-price-index-2020\/#6."},{"key":"e_1_3_2_54_2","unstructured":"Max Goncharov. 2012. Russian Underground 101 . Trend Micro."},{"key":"e_1_3_2_55_2","unstructured":"Max Goncharov. 2015. Bulletproof Hosting Services: Cybercriminal Hideouts for Lease. Retrieved December 22 2022 from https:\/\/www.trendmicro.com\/vinfo\/pl\/security\/news\/cybercrime-and-digital-threats\/bulletproof-hosting-services-cybercriminal-hideouts-for-lease."},{"key":"e_1_3_2_56_2","unstructured":"Joan Goodchild. 2011. Conficker Working Group says worm is stopped but not gone. CSO . Retrieved December 22 2022 from https:\/\/www.csoonline.com\/article\/2126743\/conficker-working-group-says-worm-is-stopped--but-not-gone.html."},{"key":"e_1_3_2_57_2","first-page":"1","volume-title":"Proceedings of the 1st Workshop on Hot Topics in Understanding Botnets (HotBots\u201907)","author":"Grizzard Julian B.","year":"2007","unstructured":"Julian B. Grizzard, Vikram Sharma, Chris Nunnery, Brent ByungHoon Kang, and David Dagon. 2007. Peer-to-peer botnets: Overview and case study. In Proceedings of the 1st Workshop on Hot Topics in Understanding Botnets (HotBots\u201907). 1."},{"key":"e_1_3_2_58_2","unstructured":"Alex Guirakhoo. 2019. Understanding the Different Cybercriminal Platforms: AVCs Marketplaces and Forums. Retrieved December 22 2022 from https:\/\/www.digitalshadows.com\/blog-and-research\/understanding-the-different-cybercriminal-platforms-avcs-marketplaces-and-forums\/."},{"key":"e_1_3_2_59_2","unstructured":"Hackerspaces. 2020. IRC Channel. Retrieved December 22 2022 from https:\/\/wiki.hackerspaces.org\/IRC_Channel."},{"key":"e_1_3_2_60_2","unstructured":"Juan Hardoy. 2015. Breaking up a botnet\u2014How Ramnit was foiled. Microsoft . Retrieved December 22 2022 from https:\/\/blogs.microsoft.com\/eupolicy\/2015\/10\/22\/breaking-up-a-botnet-how-ramnit-was-foiled\/."},{"key":"e_1_3_2_61_2","unstructured":"Alex Hern. 2020. Silk Road bitcoins worth $1bn change hands after seven years. The Guardian . Retrieved December 22 2022 from https:\/\/www.theguardian.com\/technology\/2020\/nov\/04\/silk-road-bitcoins-worth-1bn-change-hands-after-seven-years."},{"key":"e_1_3_2_62_2","doi-asserted-by":"publisher","DOI":"10.1145\/3199674"},{"key":"e_1_3_2_63_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-78440-3_36"},{"key":"e_1_3_2_64_2","unstructured":"Ionut Ilascu. 2020. TrickBot malware under siege from all sides and it\u2019s working. BleepingComputer . Retrieved December 22 2022 from https:\/\/www.bleepingcomputer.com\/news\/security\/trickbot-malware-under-siege-from-all-sides-and-its-working\/."},{"key":"e_1_3_2_65_2","unstructured":"Cambridge University Institute for Manufacturing. 2016. Porter\u2019s Value Chain. Retrieved December 22 2022 from https:\/\/www.ifm.eng.cam.ac.uk\/research\/dstools\/value-chain-\/."},{"key":"e_1_3_2_66_2","unstructured":"Interpol. 2015. INTERPOL supports global operation against Dorkbot botnet. Interpol . Retrieved December 22 2022 from https:\/\/www.interpol.int\/es\/Noticias-y-acontecimientos\/Noticias\/2015\/INTERPOL-supports-global-operation-against-Dorkbot-botnet."},{"key":"e_1_3_2_67_2","unstructured":"Erik Kain. 2013. The Silk Road Shuts Down But the Black Market Isn\u2019t Going Anywhere. Retrieved December 22 2022 from https:\/\/www.forbes.com\/sites\/erikkain\/2013\/10\/02\/the-silk-road-shuts-down-but-the-black-market-isnt-going-anywhere\/?sh=6cff0e987a6c."},{"key":"e_1_3_2_68_2","doi-asserted-by":"publisher","DOI":"10.1145\/2872427.2883004"},{"key":"e_1_3_2_69_2","unstructured":"Kaspersky. 2014. Shylock\/Caphaw Malware Trojan: The Overview. Retrieved December 22 2022 from https:\/\/securelist.com\/shylockcaphaw-malware-trojan-the-overview\/64599\/."},{"key":"e_1_3_2_70_2","unstructured":"Kaspersky. 2021. Zeus Virus. Retrieved December 22 2022 from https:\/\/usa.kaspersky.com\/resource-center\/threats\/zeus-virus."},{"key":"e_1_3_2_71_2","unstructured":"Limor Kessem. 2015. The Return of Ramnit: Life After a Law Enforcement Takedown. Retrieved December 22 2022 from https:\/\/securityintelligence.com\/the-return-of-ramnit-life-after-a-law-enforcement-takedown\/."},{"key":"e_1_3_2_72_2","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.091213.00134"},{"key":"e_1_3_2_73_2","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2017.201"},{"key":"e_1_3_2_74_2","doi-asserted-by":"crossref","unstructured":"Brian Krebs. 2011. U.S. Government Takes Down Coreflood Botnet. Retrieved December 22 2022 from https:\/\/krebsonsecurity.com\/2011\/04\/u-s-government-takes-down-coreflood-botnet\/.","DOI":"10.1016\/S1353-4858(11)70044-7"},{"key":"e_1_3_2_75_2","unstructured":"Brian Krebs. 2011. \u2018Biggest Cybercriminal Takedown in History.\u2019 Retrieved December 22 2022 from https:\/\/krebsonsecurity.com\/2011\/11\/malware-click-fraud-kingpins-arrested-in-estonia\/."},{"key":"e_1_3_2_76_2","unstructured":"Brian Krebs. 2012. Top Spam Botnet \u201cGrum \u201d Unplugged. Retrieved December 22 2022 from https:\/\/krebsonsecurity.com\/2012\/07\/top-spam-botnet-grum-unplugged\/."},{"key":"e_1_3_2_77_2","unstructured":"Brian Krebs. 2017. Who Is Anna-Senpai the Mirai Worm Author? Retrieved December 22 2022 from https:\/\/krebsonsecurity.com\/2017\/01\/who-is-anna-senpai-the-mirai-worm-author\/."},{"key":"e_1_3_2_78_2","unstructured":"Brian Krebs. 2021. International Action Targets Emotet Crimeware. Retrieved December 22 2022 from https:\/\/krebsonsecurity.com\/2021\/01\/international-action-targets-emotet-crimeware\/."},{"key":"e_1_3_2_79_2","unstructured":"Scott Langdon. 2020. Is Bitcoin Traceable? Things You Must Know. Retrieved December 22 2022 from https:\/\/www.moneytaskforce.com\/money\/is-bitcoin-traceable\/."},{"key":"e_1_3_2_80_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.24"},{"key":"e_1_3_2_81_2","unstructured":"John Leyden. 2012. Microsoft seizes Chinese dot-org to kill Nitol bot army. The Register . Retrieved December 22 2022 from https:\/\/www.theregister.com\/2012\/09\/13\/botnet_takedown\/."},{"key":"e_1_3_2_82_2","doi-asserted-by":"publisher","DOI":"10.1080\/19393555.2014.931488"},{"key":"e_1_3_2_83_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-09762-6_12"},{"key":"e_1_3_2_84_2","unstructured":"MalwareBytes. 2021. Ryuk Ransomware. Retrieved December 22 2022 from https:\/\/www.malwarebytes.com\/ryuk-ransomware\/."},{"key":"e_1_3_2_85_2","unstructured":"Malwarebytes. 2021. Trickbot. Retrieved December 22 2022 from https:\/\/www.malwarebytes.com\/trickbot\/."},{"key":"e_1_3_2_86_2","unstructured":"Etay Maor. 2013. No Money Mule No Problem: Recruitment Website Kits for Sale. Retrieved December 22 2022 from https:\/\/securityintelligence.com\/money-mule-problem-recruitment-website-kits-sale\/."},{"key":"e_1_3_2_87_2","unstructured":"MalwareTech Marcus Hutchins. 2017. The Kelihos Botnet. Retrieved December 22 2022 from https:\/\/www.malwaretech.com\/2017\/04\/the-kelihos-botnet.html."},{"key":"e_1_3_2_88_2","unstructured":"DarknetOnions.com. 2021. How to Use ToRReZ Market: A Complete Guide . https:\/\/darknetone.com\/how-to-use-torrez-market-a-complete-guide\/."},{"key":"e_1_3_2_89_2","unstructured":"Darknetone.com. 2021. Dread. https:\/\/darknetone.com\/market\/dread\/."},{"key":"e_1_3_2_90_2","unstructured":"DarknetOnions.com. 2021. How to Use White House Market: A Complete Guide . https:\/\/darknetone.com\/how-to-use-white-house-market-a-complete-guide\/."},{"key":"e_1_3_2_91_2","unstructured":"DarknetOnions.com. 2021. Complete Guide to Hydra Market . https:\/\/darknetone.com\/a-complete-guide-to-hydra-market\/."},{"key":"e_1_3_2_92_2","unstructured":"Matt. 2020. How dark web users utilise postal services to buy and ship drugs. OSINT . Retrieved December 22 2022 from https:\/\/www.osintme.com\/index.php\/2020\/06\/12\/how-dark-web-users-utilise-postal-services-to-buy-and-ship-drugs\/."},{"key":"e_1_3_2_93_2","unstructured":"Michael McCaul. 2017. The war in cyberspace: Why we are losing\u2014How to fight back. YouTube . Retrieved December 22 2022 from https:\/\/www.youtube.com\/watch?v=nq__jneFcps&ab_channel=RSAConference."},{"key":"e_1_3_2_94_2","first-page":"1","volume-title":"Proceedings of the 2018 International Joint Conference on Neural Networks (IJCNN\u201918)","author":"McDermott Christopher D.","year":"2018","unstructured":"Christopher D. McDermott, Farzan Majdani, and Andrei V. Petrovski. 2018. Botnet detection in the Internet of Things using deep learning approaches. In Proceedings of the 2018 International Joint Conference on Neural Networks (IJCNN\u201918). IEEE, Los Alamitos, CA, 1\u20138."},{"key":"e_1_3_2_95_2","doi-asserted-by":"crossref","unstructured":"Elliott Peterson Michael Sandee and Tillmann Werner. 2015. Gameover Zeus\u2014Bad Guys and Backends. Retrieved December 22 2022 from https:\/\/www.blackhat.com\/docs\/us-15\/materials\/us-15-Peterson-GameOver-Zeus-Badguys-And-Backends.pdf.","DOI":"10.1504\/IJADS.2022.122641"},{"key":"e_1_3_2_96_2","doi-asserted-by":"crossref","first-page":"745","DOI":"10.1109\/PST.2016.7906988","volume-title":"Proceedings of the 2016 14th Annual Conference on Privacy, Security, and Trust (PST\u201916)","author":"Mukhopadhyay Ujan","year":"2016","unstructured":"Ujan Mukhopadhyay, Anthony Skjellum, Oluwakemi Hambolu, Jon Oakley, Lu Yu, and Richard Brooks. 2016. A brief survey of cryptocurrency systems. In Proceedings of the 2016 14th Annual Conference on Privacy, Security, and Trust (PST\u201916). IEEE, Los Alamitos, CA, 745\u2013752."},{"key":"e_1_3_2_97_2","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516749"},{"key":"e_1_3_2_98_2","unstructured":"Rebecca R. Ruiz and Nathaniel Popper. 2017. 2 Leading Online Black Markets Are Shut Down by Authorities. Retrieved December 22 2022 from https:\/\/www.nytimes.com\/2017\/07\/20\/business\/dealbook\/alphabay-dark-web-opioids.html."},{"key":"e_1_3_2_99_2","unstructured":"Gonzalo Aste. 2012. Osterwalder explaining the Business Model Canvas. YouTube . Retrieved December 22 2022 from https:\/\/www.youtube.com\/watch?v=RzkdJiax6Tw&t=1939s&ab_channel=GonzaloAste."},{"key":"e_1_3_2_100_2","volume-title":"Business Model Generation: A Handbook for Visionaries, Game Changers, and Challengers","author":"Osterwalder Alexander","year":"2010","unstructured":"Alexander Osterwalder and Yves Pigneur. 2010. Business Model Generation: A Handbook for Visionaries, Game Changers, and Challengers. John Wiley & Sons, Hoboken, NJ."},{"key":"e_1_3_2_101_2","unstructured":"Mehul Patel. 2019. Cat and Mouse: Understanding the Security Industry\u2019s Failure to Stop Cyberattackers. Retrieved December 22 2022 from https:\/\/securityboulevard.com\/2019\/08\/cat-and-mouse-understanding-the-security-industrys-failure-to-stop-cyberattackers\/."},{"key":"e_1_3_2_102_2","unstructured":"Paul Vigna and Caitlin Ostroff. 2020. Why Hackers Use Bitcoin and Why It Is So Difficult to Trace. Retrieved December 22 2022 from https:\/\/www.wsj.com\/articles\/why-hackers-use-bitcoin-and-why-it-is-so-difficult-to-trace-11594931595."},{"key":"e_1_3_2_103_2","unstructured":"Check Point. 2021. February 2021\u2019s Most Wanted Malware: Trickbot Takes Over Following Emotet Shutdown. Retrieved December 22 2022 from https:\/\/blog.checkpoint.com\/2021\/03\/11\/february-2021s-most-wanted-malware-trickbot-takes-over-following-emotet-shutdown\/."},{"key":"e_1_3_2_104_2","unstructured":"Robey Pointer. 2021. Welcome to Eggdrop! Retrieved December 22 2022 from https:\/\/www.eggheads.org\/."},{"key":"e_1_3_2_105_2","unstructured":"Dutch Police. 2021. International Police Operation LadyBird: Global Botnet Emotet Dismantled. Retrieved December 22 2022 from https:\/\/www.politie.nl\/nieuws\/2021\/januari\/27\/11-internationale-politieoperatie-ladybird-botnet-emotet-wereldwijd-ontmanteld.html."},{"key":"e_1_3_2_106_2","first-page":"167","article-title":"Creating and sustaining superior performance","volume":"167","author":"Porter Michael E.","year":"1985","unstructured":"Michael E. Porter and Competitive Advantage. 1985. Creating and sustaining superior performance. Competitive Advantage 167 (1985), 167\u2013206.","journal-title":"Competitive Advantage"},{"key":"e_1_3_2_107_2","unstructured":"Howard Poston. 2020. Cybercrime at scale: Dissecting a dark web phishing kit. INFOSEC . Retrieved December 22 2022 from https:\/\/resources.infosecinstitute.com\/topic\/cybercrime-at-scale-dissecting-a-dark-web-phishing-kit\/."},{"key":"e_1_3_2_108_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jksuci.2017.07.004"},{"key":"e_1_3_2_109_2","doi-asserted-by":"publisher","DOI":"10.1109\/PDP2018.2018.00077"},{"key":"e_1_3_2_110_2","volume-title":"Chasing Dirty Money: The Fight Against Money Laundering","author":"Reuter Peter","year":"2005","unstructured":"Peter Reuter. 2005. Chasing Dirty Money: The Fight Against Money Laundering. Peterson Institute, Washington, DC."},{"key":"e_1_3_2_111_2","doi-asserted-by":"publisher","DOI":"10.1145\/2501654.2501659"},{"key":"e_1_3_2_112_2","unstructured":"Raj Samani and Francois Paget. 2013. Cybercrime Exposed: Cybercrime-as-a-Service . McAfee."},{"key":"e_1_3_2_113_2","unstructured":"Jason Sattler. 2019. What we\u2019ve learned from 10 years of the Conficker mystery. F-Secure . Retrieved December 22 2022 from https:\/\/blog.f-secure.com\/what-weve-learned-from-10-years-of-the-conficker-mystery\/."},{"key":"e_1_3_2_114_2","unstructured":"Mathew J. Schwartz. 2013. Microsoft FBI Trumpet Citadel Botnet Takedowns. Retrieved December 22 2022 from https:\/\/www.darkreading.com\/attacks-and-breaches\/microsoft-fbi-trumpet-citadel-botnet-takedowns\/d\/d-id\/1110261."},{"key":"e_1_3_2_115_2","unstructured":"Mathew J. Schwartz. 2015. Dorkbot Botnets Get Busted. Retrieved December 22 2022 from https:\/\/www.bankinfosecurity.com\/dorkbot-ddos-botnets-get-busted-a-8728."},{"key":"e_1_3_2_116_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4419-6967-5_7"},{"key":"e_1_3_2_117_2","unstructured":"Shadowserver. 2017. Kelihos.E Botnet\u2014Law Enforcement Takedown. Retrieved December 22 2022 from https:\/\/www.shadowserver.org\/news\/kelihos-e\/."},{"key":"e_1_3_2_118_2","unstructured":"Shadowserver. 2018. Avalanche 1 2 3... Retrieved December 22 2022 from https:\/\/www.shadowserver.org\/news\/avalanche-123\/."},{"key":"e_1_3_2_119_2","first-page":"129","volume-title":"Fixing a hole: The labor market for bugs","author":"Shrobe Howard","year":"2018","unstructured":"Howard Shrobe, David L. Shrier, and Alex Pentland. 2018. Fixing a hole: The labor market for bugs. In New Solutions for Cybersecurity. MIT Press, Cambridge, MA, 129\u2013159."},{"key":"e_1_3_2_120_2","unstructured":"Signal. 2020. 5 Dark Web Marketplaces Security Professionals Need to Know About. Retrieved December 22 2022 from https:\/\/www.getsignal.info\/blog\/5-dark-web-marketplaces."},{"key":"e_1_3_2_121_2","unstructured":"Signal. 2020. 7 Dark Web Forums You Need to Monitor for Improved Cyber Security. Retrieved December 22 2022 from https:\/\/www.getsignal.info\/blog\/7-dark-web-forums-for-improved-cybersecurity."},{"key":"e_1_3_2_122_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2012.07.021"},{"key":"e_1_3_2_123_2","unstructured":"Craig Sirois. 2020. New McAfee Report Estimates Global Cybercrime Losses to Exceed $1 Trillion. https:\/\/www.mcafee.com\/en-us\/consumer-corporate\/newsroom\/press-releases\/press-release.html?news_id=6859bd8c-9304-4147-bdab-32b35457e629."},{"issue":"1","key":"e_1_3_2_124_2","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1109\/MIC.2012.61","article-title":"Cybercrime: Dissecting the state of underground enterprise","volume":"17","author":"Sood Aditya K.","year":"2012","unstructured":"Aditya K. Sood, Rohit Bansal, and Richard J. Enbody. 2012. Cybercrime: Dissecting the state of underground enterprise. IEEE Internet Computing 17, 1 (2012), 60\u201368.","journal-title":"IEEE Internet Computing"},{"key":"e_1_3_2_125_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2013.01.002"},{"key":"e_1_3_2_126_2","unstructured":"Staff and Agencies in Berlin. 2019. German police shut down one of world\u2019s biggest dark web sites. The Guardian . Retrieved December 22 2022 from https:\/\/www.theguardian.com\/world\/2019\/may\/03\/german-police-close-down-dark-web-marketplace."},{"key":"e_1_3_2_127_2","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653738"},{"key":"e_1_3_2_128_2","unstructured":"Brett Stone-Gross Thorsten Holz Gianluca Stringhini and Giovanni Vigna. 2011. The underground economy of spam: A botmaster\u2019s perspective of coordinating large-scale spam campaigns. In Proceedings of the 2011 USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET\u201911) . 1\u20138.https:\/\/www.usenix.org\/legacy\/event\/leet11\/tech\/full_papers\/Stone-Gross.pdf"},{"key":"e_1_3_2_129_2","unstructured":"Strategyzer. 2020. Business Model Canvas. Retrieved December 22 2022 from https:\/\/www.strategyzer.com\/bmc_thank_you?submissionGuid=9a5690b9-b0d9-4274-b423-a121993570ec."},{"key":"e_1_3_2_130_2","unstructured":"Matt Sully and Matt Thompson. 2010. The Deconstruction of the Mariposa Botnet . Defence Intelligence."},{"key":"e_1_3_2_131_2","unstructured":"Evan Tarver. 2019. What Are the Primary Activities of Michael Porter\u2019s Value Chain? Retrieved December 22 2022 from https:\/\/www.investopedia.com\/ask\/answers\/050115\/what-are-primary-activities-michael-porters-value-chain.asp."},{"key":"e_1_3_2_132_2","unstructured":"Digital Shadows Analyst Team. 2017. Innovation in the Underworld: Reducing the Risk of Ripper Fraud. Retrieved December 22 2022 from https:\/\/www.digitalshadows.com\/blog-and-research\/innovation-in-the-underworld-reducing-the-risk-of-ripper-fraud\/."},{"key":"e_1_3_2_133_2","unstructured":"TheDarkWebLinks. 2020. Torrez Market | Torrez Market Links | Torrez Dark Web Links. Retrieved December 22 2022 from https:\/\/www.thedarkweblinks.com\/torrez-market\/."},{"key":"e_1_3_2_134_2","unstructured":"Iain Thompson. 2017. International team takes down virus-spewing Andromeda botnet. The Register . Retrieved December 22 2022 from https:\/\/www.theregister.com\/2017\/12\/05\/international_team_takes_down_virusspewing_andromeda_botnet\/."},{"key":"e_1_3_2_135_2","unstructured":"Iain Thomson. 2016. Online criminals iced as cops bury malware-spewing Avalanche. The Register . Retrieved December 22 2022 from https:\/\/www.theregister.com\/2016\/12\/01\/cops_shutter_avalanche_dark_net\/."},{"key":"e_1_3_2_136_2","unstructured":"Brett Stone-Gross Tillmann Werner and Bex Hartley. 2018. Farewell to Kelihos and ZOMBIE SPIDER. https:\/\/www.crowdstrike.com\/blog\/farewell-to-kelihos-and-zombie-spider\/."},{"key":"e_1_3_2_137_2","unstructured":"Tor. 2019. Tor: Onion Service Protocol. Retrieved December 22 2022 from https:\/\/2019.www.torproject.org\/docs\/onion-services."},{"key":"e_1_3_2_138_2","unstructured":"Traynor Ian. 2007. Russia accused of unleashing cyberwar to disable Estonia. https:\/\/www.theguardian.com\/world\/2007\/may\/17\/topstories3.russia."},{"key":"e_1_3_2_139_2","unstructured":"Trendmicro. 2021. Ransomware. Retrieved December 22 2022 from https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/ransomware."},{"key":"e_1_3_2_140_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04117-4_18"},{"key":"e_1_3_2_141_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN.2009.5235360"},{"key":"e_1_3_2_142_2","unstructured":"Rob Wright. 2018. Botnet takedown snares 3ve Methbot ad fraud campaigns. TechTarget . Retrieved December 22 2022 from https:\/\/searchsecurity.techtarget.com\/news\/252453401\/Botnet-takedown-snares-3ve-Methbot-ad-fraud-campaigns."},{"key":"e_1_3_2_143_2","unstructured":"Rob Wright. 2019. FBI: How we stopped the Mirai botnet attacks. TechTarget . Retrieved December 22 2022 from https:\/\/searchsecurity.techtarget.com\/news\/252459016\/FBI-How-we-stopped-the-Mirai-botnet-attacks."},{"key":"e_1_3_2_144_2","first-page":"746","article-title":"Botnet takedowns and the fourth amendment","volume":"90","author":"Zeitlin Sam","year":"2015","unstructured":"Sam Zeitlin. 2015. Botnet takedowns and the fourth amendment. New York University Law Review 90 (2015), 746.","journal-title":"New York University Law Review"},{"key":"e_1_3_2_145_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2016.46"}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3575808","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3575808","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:51:21Z","timestamp":1750182681000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3575808"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,2,9]]},"references-count":144,"journal-issue":{"issue":"11","published-print":{"date-parts":[[2023,11,30]]}},"alternative-id":["10.1145\/3575808"],"URL":"https:\/\/doi.org\/10.1145\/3575808","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,2,9]]},"assertion":[{"value":"2021-06-25","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-09-21","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-02-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}