Peer to Peer Malware
Latest revision as of 16:22, 7 February 2008
For a description, read: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1286808,00.html
The author describes the danger posed by malware such as Storm and Nugache, which use P2P principles, and the economy behind it.
Example
The distributed/resilient command and control of Storm:
"Rather than having all hosts communicate to a central server or set of servers, Storm uses a peer-to-peer network for C2. This makes the Storm botnet much harder to disable. The most common way to disable a botnet is to shut down the centralized control point. Storm doesn't have a centralized control point, and thus can't be shut down that way. This technique has other advantages, too. Companies that monitor net activity can detect traffic anomalies with a centralized C2 point, but distributed C2 doesn't show up as a spike. Communications are much harder to detect." (http://globalguerrillas.typepad.com/globalguerrillas/2007/10/malware-warfare.html)
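The contrast drawn in the quoted passage, as an added example (not from the original page or the cited article): a fan-in check over constructed flow records flags a single control point, but finds nothing when the same number of flows is spread across peers. The addresses, peer-list size and threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

def fan_in(flows):
    """Map each destination to the set of distinct sources that contacted it."""
    sources = defaultdict(set)
    for src, dst in flows:
        sources[dst].add(src)
    return sources

def concentrated_destinations(flows, min_sources):
    """Destinations contacted by at least min_sources distinct hosts (the 'spike')."""
    return sorted(d for d, s in fan_in(flows).items() if len(s) >= min_sources)

def top_share(flows):
    """Fraction of all flows that go to the single busiest destination."""
    counts = defaultdict(int)
    for _, dst in flows:
        counts[dst] += 1
    return max(counts.values()) / len(flows)

# Constructed sample data: 40 hosts in a private range, controller in a
# documentation range. None of these values come from the page.
HOSTS = [f"10.0.0.{i}" for i in range(1, 41)]
CONTROLLER = "192.0.2.10"   # hypothetical single control point
PEERS_PER_HOST = 4          # assumed peer-list size for the distributed case

def centralized_flows():
    # Every host checks in with the same server four times.
    return [(h, CONTROLLER) for h in HOSTS for _ in range(PEERS_PER_HOST)]

def distributed_flows():
    # Each host talks to the next four hosts in a ring: same total flow count.
    n = len(HOSTS)
    return [(HOSTS[i], HOSTS[(i + k) % n])
            for i in range(n) for k in range(1, PEERS_PER_HOST + 1)]

if __name__ == "__main__":
    for name, flows in (("centralized", centralized_flows()),
                        ("distributed", distributed_flows())):
        print(name, "flows:", len(flows),
              "top share:", round(top_share(flows), 3),
              "flagged:", concentrated_destinations(flows, min_sources=10))
```

With identical traffic volume, the centralized case puts every flow on one destination, while in the distributed case no destination is contacted by more than four hosts, so a threshold tuned for the first never fires on the second.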
More Information
John Robb at http://globalguerrillas.typepad.com/globalguerrillas/2007/10/malware-warfare.html