Botnets' Next Trick: Distribution via P2P Networks


This story at eWEEK carries some bad news. Botnets -- a big category that represents a serious threat to the Internet -- are about to get better (or worse, depending on how you look at it).


At the highest level, botnets are armies of innocent computing devices that have been hijacked and impressed into service by spammers, virus distributors and other malcontents. Like other tools used by the bad guys, botnets are constantly being tweaked to stay ahead of security vendors and enterprise IT departments.


The latest tweak looks like a doozy. The story says five researchers presented a paper at the HotBots Usenix event last week pointing to the increasing use of peer-to-peer (P2P) networking to distribute botnets. A P2P version of the Storm worm hit last week.


Until now, the paper says, botnets used a "command-and-control" approach based on Internet Relay Chat (IRC), a hierarchical means of distributing data. This is good news for defenders because it means that once the networks are found they can be rendered inoperative with relative ease. A switch to P2P -- in which there is no centralized point from which operational orders emanate -- would make it much harder to shut the networks down. The story goes into some detail on the approach.
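To make the topology argument concrete, here is an added example that is not from the eWEEK story or the HotBots paper: it models an IRC-style C2 as a star graph (one server, many bots) and a P2P overlay as a ring lattice, then measures what share of surviving bots can still reach each other after a takedown removes nodes. The graph shapes, the 100-node size and the choice of removed nodes are assumptions made for illustration.

```python
from collections import deque

def build_star(n_bots):
    """Centralized C2 stand-in: node 0 is the IRC server, nodes 1..n_bots are bots."""
    adj = {i: set() for i in range(n_bots + 1)}
    for bot in range(1, n_bots + 1):
        adj[0].add(bot)
        adj[bot].add(0)
    return adj

def build_ring_lattice(n_peers, k=4):
    """P2P overlay stand-in: each peer links to its k nearest ring neighbours (assumed shape)."""
    adj = {i: set() for i in range(n_peers)}
    for i in range(n_peers):
        for step in range(1, k // 2 + 1):
            j = (i + step) % n_peers
            adj[i].add(j)
            adj[j].add(i)
    return adj

def largest_component_fraction(adj, removed):
    """Fraction of surviving nodes that sit in the largest connected component.
    A command injected anywhere in that component can still reach all of it."""
    alive = set(adj) - set(removed)
    seen, best = set(), 0
    for start in alive:
        if start in seen:
            continue
        comp, queue = {start}, deque([start])
        while queue:
            u = queue.popleft()
            for v in adj[u]:
                if v in alive and v not in comp:
                    comp.add(v)
                    queue.append(v)
        seen |= comp
        best = max(best, len(comp))
    return best / len(alive) if alive else 0.0

def takedown_comparison(n=100):
    """Remove the single IRC server vs. ten spread-out P2P peers; return reachability."""
    star = build_star(n)
    p2p = build_ring_lattice(n)
    return {
        "irc_server_removed": largest_component_fraction(star, {0}),
        "p2p_ten_peers_removed": largest_component_fraction(p2p, set(range(0, n, 10))),
    }
```

Taking out the one IRC server isolates every bot, while removing ten scattered peers from the lattice leaves the remaining ninety fully connected; this is the resilience the story warns about.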


P2P approaches have long been a problem for IT departments. In the heyday of these networks -- before the businesses that used them ran headlong into copyright laws -- services such as KaZaA and Napster tended to bring in malware along with the music that employees downloaded at work. Enterprises had other complaints about P2P, most related to the fact that it is difficult for IT departments to monitor and control.


The use of P2P for botnet distribution seems like an extension of this prickly relationship. And there seem to be no easy answers on how to stop it.