
Businesses, governments and internet service providers
face dangerous new network disruption and malware attacks
from botnets based on peer-to-peer
technology (P2P) instead of the more common
hierarchical structure.
Eugene Kaspersky, CEO of
Kaspersky Laboratories, the
Russian antivirus company that identified the new method, said it
had already succeeded in strangling internet
communications in Krasnodar and Astrakhan for several weeks. "We do
not know who was behind these attacks," he said. "It may have been
a test."
Alex Gostev, senior virus analyst at Kaspersky, said the P2P
nature of the new botnet meant that each infected machine needed to
know only its neighbours. An instruction to activate the botnet
could be sent to any machine in the network and would then
propagate from machine to machine to build an attack.
"Not having a central controller makes it very difficult to find
the originating machine," he said. He said it took a very long time
to identify all the infected machines and hence to defend against
the attack. "The ISPs receive these seemingly random packets and
there is no constant source of attack, which means that you cannot
develop a rule to filter them," he said.
Gostev said botnets have become very easy to use and a thriving
underground market has developed for anyone who wants to hire
one.
However, they said the trend among financially motivated
attackers was to use smaller botnets. "This lets them keep under
the radar so attacks are harder to detect," Kaspersky said.
Gostev said such attacks could be very subtle and highly
targeted. In one case, a business journalist received an e-mail
tip-off that an oil and gas company was in trouble, that the CEO
had been arrested and the prosecutors were going to levy massive
fines. When he checked the firm's website, he found it was
down.
Further checking revealed that the tip-off was fake. The
attackers had hoped to make money by selling shares they did not
own in the oil firm, buying them for delivery when the price fell
as a result of the bad news story being published.