DocumentCode
1592400
Title
P2P as botnet command and control: A deeper insight
Author
Dittrich, David ; Dietrich, Sven
Author_Institution
Appl. Phys. Lab., Univ. of Washington, Washington, DC
fYear
2008
Firstpage
41
Lastpage
48
Abstract
The research community is now focusing on the integration of peer-to-peer (P2P) concepts as incremental improvements to distributed malicious software networks (now generically referred to as botnets). While much research exists in the field of P2P in terms of protocols, scalability, and availability of content in P2P file sharing networks, less exists (until this last year) in terms of the shift in C&C from central C&C using clear-text protocols, such as IRC and HTTP, to distributed mechanisms for C&C where the botnet becomes the C&C, and is resilient to attempts to mitigate it. In this paper we review some of the recent work in understanding the newest botnets that employ P2P technology to increase their survivability, and to conceal the identities of their operators. We extend work done to date in explaining some of the features of the Nugache P2P botnet, and compare how current proposals for dealing with P2P botnets would or would not affect a pure-P2P botnet like Nugache. Our findings are based on a comprehensive 2-year study of this botnet.
Keywords
invasive software; peer-to-peer computing; protocols; HTTP; IRC; Nugache P2P botnet; botnet command; clear-text protocols; distributed malicious software networks; peer-to-peer file sharing networks; Command and control systems; Computer science; Delay; Laboratories; Peer to peer computing; Physics; Proposals; Protocols; Scalability; Storms;
fLanguage
English
Publisher
ieee
Conference_Titel
Malicious and Unwanted Software, 2008. MALWARE 2008. 3rd International Conference on
Conference_Location
Fairfax, VI
Print_ISBN
978-1-4244-3288-2
Electronic_ISBN
978-1-4244-3289-9
Type
conf
DOI
10.1109/MALWARE.2008.4690856
Filename
4690856
Link To Document