2008 3rd International Conference on Malicious and Unwanted Software (MALWARE) 2008
DOI: 10.1109/malware.2008.4690856

P2P as botnet command and control: A deeper insight

Abstract: The research community is now focusing on the integration of peer-to-peer (P2P) concepts as incremental improvements to distributed malicious software networks (now generically referred to as botnets). While much research exists in the field of P2P in terms of protocols, scalability, and availability of content in P2P file sharing networks, less exists (until this last year) in terms of the shift in C&C from central C&C using clear-text protocols, such as IRC and HTTP, to distributed mechanisms for C&C where t…

Cited by 83 publications (47 citation statements)
References 6 publications
“…In TCP/IP sense, each node can act as either server or client, as dictated by network conditions. Dittrich (2008) names Peacomm and Nugache as examples of P2P botnets [13]. In addition to the lack of server as a single point of failure, he mentions small network footprint and unpredictable traffic patterns as additional benefits.…”
Section: Malware Command and Control Network Architectures (mentioning)
confidence: 99%
“…The ability to have multiple servers is important in case some of the botmasters are detected and brought down by malware researchers or law enforcement agencies [9]. As we see in Figure 2, a botmaster and two C&C servers are controlled by a single botmaster acting as bots.…”
Section: Command and Control (mentioning)
confidence: 99%
“…When Storm's worm is at its peak, it is deemed responsible for generating 99% of all spam messages seen by a large service provider [9]. Storm's botnet size estimate is difficult to gauge as it uses a peer-to-peer communication protocol and there was no comprehensive measurement study completed [26].…”
Section: Command and Control (mentioning)
confidence: 99%
“…They showed how Storm bots could be commanded to download and replace Storm with any chosen binary executable. Such reverse engineering is required for comprehensive understanding of emerging malware threats [14,22,20,5,4]. Partial source code for their program that implements the counter-attack on the Storm botnet (named Stormfucker) was released on the full-disclosure mailing list.…”
Section: Storm (mentioning)
confidence: 99%
“…The encryption mechanisms in advanced bots like Nugache [14] and Conficker are sufficiently robust to prevent taking over the C&C channel and directly controlling the bots: the bots will ignore commands without proper signatures. Storm, on the other hand, was weak enough that someone could control the bots.…”
Section: Alternative Countermeasures (mentioning)
confidence: 99%