Bonn, Germany / Also published in "LNCS", 2010, Vol 6201/2010
Skype is one of the most used P2P applications on the Internet: VoIP calls, instant messaging, SMS and other features are provided at a low cost to millions of users. Although Skype is a closed-source application, an API allows developers to build custom plugins which interact over the Skype network, taking advantage of its reliability and its capability to easily bypass firewalls and NAT devices. Since the protocol is completely undocumented, Skype traffic is particularly hard to analyze and to reverse engineer. We propose a novel botnet model that exploits an overlay network such as Skype to build a parasitic overlay, making it extremely difficult to track the botmaster and disrupt the botnet without damaging legitimate Skype users. While Skype is particularly well suited for this purpose due to its abundance of features and its widespread installed base, our model is generically applicable to distributed applications that employ overlay networks to send direct messages between nodes (e.g., peer-to-peer software with messaging capabilities). We are convinced that similar botnet models are likely to appear in the wild in the near future and that the threats they pose should not be underestimated. Our contribution strives to provide the tools to correctly evaluate and understand the possible evolution and deployment of this phenomenon.
Available at: http://dx.doi.org/10.1007/978-3-642-14215-4_5