P2P Botnets Increasingly Sophisticated
Botnets have been a problem for years but we may be reaching a point where their level of sophistication makes them difficult to contain with existing technologies. Of particular concern is the spread of peer-to-peer botnets which are much more resilient than traditional command and control botnets.
Dr. Jose Nazario of Arbor Networks, quoted in PhysOrg.com:
"P2P networks are the biggest challenge we're facing," … [he] said in an interview with eWEEK. "Bad guys know this. P2P botnets are hard to take down for the same reasons that media companies have trouble shutting down P2P networks."
From Peer-to-Peer Botnets: Overview and Case Study by Julian B. Grizzard, David Dagon, Vikram Sharma, Chris Nunnery and Brent ByungHoon Kang, we hear:
"Peer-to-peer bots are now under widespread development," the authors wrote. "Some peer-to-peer bots have used existing peer-to-peer protocols while others have developed custom protocols. We predict that peer-to-peer botnets will mature to a level in which they might become more widespread than traditional decentralized C&C architectures."
What this means, among other things, is that we’ll need new kinds of tools to detect and contain these. For example, more emphasis on network traffic analysis, rather than just scanning client devices, will be needed. This is due to two problems. First, botnet writers are getting better at using rootkits to hide their malware, and second, even when we can detect botnet footprints, naive users are not running updated anti-virus programs that might detect them.
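As an added example (not code from this post or from the cited paper), here is a small traffic-analysis heuristic of the kind the paragraph argues for: it profiles per-host connection fan-out over constructed flow records and flags hosts that talk to many distinct peers on many distinct ports with small flows, a pattern worth investigating rather than a verdict. The thresholds, host addresses and flow sizes are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Flow:
    src: str      # internal host that opened the connection
    dst: str      # remote peer
    dport: int    # destination port
    nbytes: int   # bytes sent by src


def constructed_flows():
    """Constructed sample flow records (assumed, not taken from the post)."""
    flows = []
    # Host A: ordinary web client, a few large flows to a few servers on 443.
    for i in range(3):
        flows.append(Flow("10.0.0.7", f"198.51.100.{i}", 443, 150_000))
    # Host B: P2P-like pattern, many small flows to many peers on many high ports.
    for i in range(30):
        flows.append(Flow("10.0.0.5", f"203.0.113.{i + 1}", 20000 + 37 * i, 400 + 10 * i))
    return flows


def fanout_profile(flows):
    """Per source host: (distinct peers, distinct destination ports, mean bytes per flow)."""
    peers, ports, sizes = defaultdict(set), defaultdict(set), defaultdict(list)
    for f in flows:
        peers[f.src].add(f.dst)
        ports[f.src].add(f.dport)
        sizes[f.src].append(f.nbytes)
    return {h: (len(peers[h]), len(ports[h]), mean(sizes[h])) for h in peers}


def flag_p2p_candidates(flows, min_peers=20, min_ports=10, max_mean_bytes=2000):
    """Hosts whose profile is fan-out heavy and low volume (assumed thresholds)."""
    prof = fanout_profile(flows)
    return sorted(h for h, (n_peers, n_ports, mean_bytes) in prof.items()
                  if n_peers >= min_peers and n_ports >= min_ports
                  and mean_bytes <= max_mean_bytes)


if __name__ == "__main__":
    for host, (p, pt, mb) in fanout_profile(constructed_flows()).items():
        print(f"{host}: peers={p} ports={pt} mean_bytes={mb:.0f}")
    print("candidates:", flag_p2p_candidates(constructed_flows()))
```

Real deployments would feed NetFlow or IPFIX records in place of the constructed list and tune the thresholds against a baseline of the network's normal fan-out.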
I’ve been a proponent of improving user training and awareness about security but that isn’t enough and it can’t happen fast enough.
For more on recent trends in botnets, see the HotBots conference proceedings at http://www.usenix.org/events/hotbots07/tech/.