Measurements and mitigation of peer-to-peer-based botnets: a case study on Storm Worm

Holz, Thorsten;Steiner, Moritz;Dahl, Frederic;Biersack, Ernst W;Freiling, Felix
LEET 2008, 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats, April 15, 2008, San Francisco, USA

Botnets, i.e., networks of compromised machines under a common control
infrastructure, are commonly controlled by an attacker with the help of a
central server: all compromised machines connect to the central server and
wait for commands.
However, the first botnets that use peer-to-peer networks for remote
control of the compromised machines have recently appeared in the wild. In this
paper, we introduce a methodology to analyze and mitigate peer-to-peer botnets. In a
case study, we examine in detail the Storm Worm botnet, the most widespread
peer-to-peer botnet currently propagating in the wild. We were able to infiltrate the
botnet and analyze it in depth, which allows us to estimate the total number of
compromised machines. Furthermore, we present two different ways to disrupt
the communication channel between controller and compromised machines in order
to mitigate the botnet, and we evaluate the effectiveness of these mechanisms.


Type:
Conference
City:
San Francisco
Date:
2008-04-15
Department:
Digital Security
Eurecom Ref:
2449
Copyright:
Copyright Usenix. Personal use of this material is permitted. The definitive version of this paper was published in LEET 2008, 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats, April 15, 2008, San Francisco, USA and is available at :
See also:

PERMALINK : https://www.eurecom.fr/publication/2449