Damballa said that Malware Utilize P2P Communications to Escape Detection

Many of the Internet's most hazardous malware threats are now routinely using peer-to-peer (P2P) command and control in an attempt to escape the detection and shut down that has impacted many conventional botnets, as per security vendor Damballa.

The P2P method has been there for many years but the company (Damballa) had observed a fivefold increase in malware samples using this behavior in the past one year, particularly the hazardous threats like the infamous Zeus v3, ZeroAccess, and the TDL4/TDSS root kit.

The use of P2P in advanced malware has been masquerading for some time, but we have never really witnessed it take the grasp that we have began to see now, noted Stephen Newman, Vice President of products at Damballa, as published by computerworld.com on June 5, 2013. The cause why this is occurring presently has to do with cyber crooks wish for resiliency in the wake of shutdown attempts that can disturb centralized C&C infrastructure, he said.

Botnet herders stand to lose control to thousands or maybe millions of compromised machines if control servers owned by them are brought down, so they are looking ahead for decentralized P2P communications, where botnet patrons can transmit commands to each other, as a resilience method with other method similar to the employment of DGAs or domain generation algorithms (DGAs), he said.

Other advantage for cybercriminals is that malicious P2P traffic is difficult to trace and hold at the network stage by employing domestic methods that depends on lists of recognized IP (internet Protocol) addresses and hosts linked with C&C servers.

Rick Holland, a Senior Analyst, at Cambridge, Mass-based Forrester Researcher commenting on the latest finding says that increased usage of P2P technique is an instance of traditional arms race between cybercriminals and defenders, according to news published by searchnetworking.techtarget.com on June 12, 2013.

Attackers want to keep the availability of their botnet just like enterprises want to preserve availability of their corporate systems, Holland claims. As security improves, and finding and blocking of usual botnet [command & control] happens more frequently, the cybercriminals usually adopt techniques that preserve the availability and resiliency of their botnet, he further added.

» SPAMfighter News - 6/18/2013