May 7, 2013

Peer-to-Peer Botnets Make Takedowns Harder

Over the past three years, we have experienced a huge increase in both the number and the size of peer-to-peer botnets, a type of “zombie network” of infected computers. As Bitdefender describes it, peer-to-peer botnets were developed to eliminate the risk of having command and control servers taken down, which would shut down the entire botnet operation. Relying on such servers is how traditional botnets, such as Mariposa and Rustock, worked. What makes the new generation of botnets even more dangerous is that they are decentralized and communicate in a peer-to-peer manner, rather than “being told what to do” by a specific number of control centers. This makes the work of taking the botnets down even harder than before.

In an article on the subject, Bitdefender mentions that a group of researchers has come up with two reliable ways of taking down these resilient peer-to-peer botnets. These are:

1. Sinkholing – Siphoning traffic to a server controlled by the party attacking the botnet.
2. Partitioning – Splitting the botnet into unusable botnets.

For more information, see the full research paper, created by researchers at VU University Amsterdam.