 |
|
|
April 23, 2007Botnets getting harder to killTechWorld has an interesting report on the new P2P style botnets that we're starting to see becoming prevalent. Though TechWorld incorrectly reports that the majority of botnets are still IRC based. Currently, most botnets use a centralised command-and-control structure based on IRC, partly because there is such a deep existing body of knowledge and code base around the technology. But their centralised structure makes them relatively easy to shut down - a fact that hasn't stopped crooks from using them to take over large portions of the Internet.
Peer-to-peer (P2P) botnets are another matter. Taking their inspiration and underlying technology from the same P2P networks used to exchange files, they have no centralised control point, making them much harder to detect and shut down, the researchers said. These botnets are an emerging phenomenon, but have already made a big impact. For their case study the researchers chose the botnet implanted by the Storm worm, called Trojan.Peacomm. Trojan.Peacomm first made an impact in January, but also had a major re-emergence last week. IRC bots go back to 1993 in the case of the benevolent EggDrop bot, and 1998 in the case of GTbot and its variants, one of the first malicious botnets, the researchers said. It's simply not the case that botnets are still mostly on IRC. Only the smaller nets and more inexperienced botherders continue to use IRC. More experienced operators know that it's too detectible to use IRC and the likely hood of getting caught is very high nowadays. [Botnets getting harder to kill]
Posted in Tech News
by #!/usr/bin/geek at 2007-04-23 03:10 Eastern
Tags: irc botnet botnets p2p peer-to-peer
Comments
Post a comment
|
