P2P Botnet stages

• Recruiting: P2P malware such as Gnuman , WORM_PITUPI.K , and Koobface.

• Forming the botnet:

  • parasite P2P botnet: all the bots are from an existing P2P network, and it uses this available P2P network for command and control.
  • leeching P2P botnet: bot members join an existing P2P network and depend on this P2P network for C&C communication.
  • bot-only P2P botnet: builds its own network, all members are bots, such as Storm botnet and Nugache.

• Standing by for instructions (using P2P Protocols):

  • P2P file-sharing have a file index used by peers to locate the desired content, may be centralized (e.g., Napster), distributed over part of the file-sharing nodes (e.g., Gnutella), or distributed over all or a large fraction of the nodes (e.g., Overnet).
  • Design a new P2P communication protocol to be used in a bot-only P2P botnet.

• Defenses: anti-virus + poison the index

Source: Wang et al

Previous slide

Next slide

Back to first slide

View graphic version