• DocumentCode
    1592400
  • Title

    P2P as botnet command and control: A deeper insight

  • Author

    Dittrich, David ; Dietrich, Sven

  • Author_Institution
    Appl. Phys. Lab., Univ. of Washington, Washington, DC
  • fYear
    2008
  • Firstpage
    41
  • Lastpage
    48
  • Abstract
    The research community is now focusing on the integration of peer-to-peer (P2P) concepts as incremental improvements to distributed malicious software networks (now generically referred to as botnets). While much research exists in the field of P2P in terms of protocols, scalability, and availability of content in P2P file sharing networks, less exists (until this last year) in terms of the shift in C&C from central C&C using clear-text protocols, such as IRC and HTTP, to distributed mechanisms for C&C where the botnet becomes the C&C, and is resilient to attempts to mitigate it. In this paper we review some of the recent work in understanding the newest botnets that employ P2P technology to increase their survivability, and to conceal the identities of their operators. We extend work done to date in explaining some of the features of the Nugache P2P botnet, and compare how current proposals for dealing with P2P botnets would or would not affect a pure-P2P botnet like Nugache. Our findings are based on a comprehensive 2-year study of this botnet.
  • Keywords
    invasive software; peer-to-peer computing; protocols; HTTP; IRC; Nugache P2P botnet; botnet command; clear-text protocols; distributed malicious software networks; peer-to-peer file sharing networks; Command and control systems; Computer science; Delay; Laboratories; Peer to peer computing; Physics; Proposals; Protocols; Scalability; Storms;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Malicious and Unwanted Software, 2008. MALWARE 2008. 3rd International Conference on
  • Conference_Location
    Fairfax, VI
  • Print_ISBN
    978-1-4244-3288-2
  • Electronic_ISBN
    978-1-4244-3289-9
  • Type

    conf

  • DOI
    10.1109/MALWARE.2008.4690856
  • Filename
    4690856