The World’s Biggest Botnets – Peer to Peer

So what’s coming next, after Storm, you might ask. You might remember the recent Storm Worm Descending on Blogspot post, and other news about botnets spiralling out of control and reportedly accounting for almost 25% of online computers.

Well, apparently next will be P2P (peer-to-peer) botnets, which could blow Storm away. Storm itself already uses a peer-to-peer protocol for its command and control; the news here is a second, distinct botnet built on the same principle.

You know about the Storm Trojan, which is spread by the world’s largest botnet. But what you may not know is there’s now a new peer-to-peer-based botnet emerging that could blow Storm away.

“We’re investigating a new peer-to-peer botnet that may wind up rivaling Storm in size and sophistication,” says Tripp Cox, vice president of engineering for startup Damballa, which tracks botnet command and control infrastructures. “We can’t say much more about it, but we can tell it’s distinct from Storm.”

It’s hard to imagine anything bigger and more complex than Storm, which, despite its nefarious intent as a DDoS and spam tool, has awed security researchers with its slick design and its ability to reinvent itself when it’s at risk of detection or getting busted. Storm changed the botnet game, security experts say, and its successors may be even more powerful and wily.
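The reason a peer-to-peer design is so hard to “bust” is structural: there is no single server whose seizure cuts the herder off from the bots. The following is an added example to make that concrete; it is not code from the original post, from Dark Reading or from Damballa. It builds two toy botnets of 1,000 bots, one where every bot only knows a single C2 server and one where every bot keeps a list of 8 random peers (an unstructured overlay; real P2P botnets use structured protocols, but the takedown argument is the same), then measures how many surviving bots a herder can still reach after nodes are removed. All node ids, sizes and thresholds are constructed for the illustration.

```python
"""Added example: takedown resilience of a P2P C2 overlay versus a single C2 server.

Constructed simulation, not code from the original post, Dark Reading or Damballa.
"""
import random
from collections import deque

C2 = 0  # node id of the single server in the centralised design (constructed)


def centralised_botnet(n):
    """Star topology: bots 1..n-1 each only know the C2 server (node 0)."""
    peers = {C2: set(range(1, n))}
    for bot in range(1, n):
        peers[bot] = {C2}
    return peers


def p2p_botnet(n, k, rng):
    """Unstructured overlay: every bot keeps k random peers; links are symmetric."""
    peers = {bot: set() for bot in range(n)}
    for bot in range(n):
        others = [x for x in range(n) if x != bot]
        for peer in rng.sample(others, k):
            peers[bot].add(peer)
            peers[peer].add(bot)
    return peers


def reachable(peers, seed, removed):
    """Bots that receive a command flooded from `seed` over surviving links (BFS)."""
    if seed in removed:
        return set()
    seen = {seed}
    queue = deque([seed])
    while queue:
        cur = queue.popleft()
        for nxt in peers[cur]:
            if nxt not in removed and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def surviving_fraction(peers, seed, removed):
    """Share of still-online bots the herder can reach after `removed` are taken down."""
    alive = [bot for bot in peers if bot not in removed]
    if not alive:
        return 0.0
    return len(reachable(peers, seed, removed)) / len(alive)


def takedown_experiment(n=1000, k=8, rng_seed=1):
    """Compare both designs under a one-node takedown and a 30% random takedown."""
    rng = random.Random(rng_seed)
    star = centralised_botnet(n)
    mesh = p2p_botnet(n, k, rng)
    herder_entry = 1  # the herder injects commands through an arbitrary bot it controls

    # Centralised: seizing the single C2 server isolates every bot from the herder.
    star_after_c2 = surviving_fraction(star, herder_entry, {C2})
    # P2P: seizing that same node is barely noticed ...
    mesh_after_one = surviving_fraction(mesh, herder_entry, {C2})
    # ... and even cleaning up 30% of the bots at random leaves the rest reachable.
    cut = set(rng.sample(range(2, n), int(0.3 * n)))
    mesh_after_many = surviving_fraction(mesh, herder_entry, cut)
    return {
        "star_after_c2": star_after_c2,
        "mesh_after_one": mesh_after_one,
        "mesh_after_many": mesh_after_many,
    }


if __name__ == "__main__":
    for name, frac in takedown_experiment().items():
        print(f"{name}: {frac:.3f}")
```

The star collapses to the herder’s own machine the moment the server goes, while the overlay stays almost fully connected even after a third of it is cleaned up. That is why the practical defences against P2P botnets have been infiltration of the overlay (crawling or poisoning the peer lists) rather than a single seizure.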

Interesting developments; I’ll certainly be watching out for this to see what happens. This next generation could open up DDoS attacks of never-before-seen proportions (I’m talking about the ability to take whole countries offline).

Information warfare? Cyber Terrorism? Yes it’s getting very real.

Botnets are no longer just annoying, spam-pumping factories — they’re big business for criminals. This shift has even awakened enterprises, which historically have either looked the other way or been in denial about bots infiltrating their organizations.

“A year ago, the traditional method for bot infections was through malware. But now you’re getting compromised servers, with drive-by downloads so prevalent that people are getting infected without realizing it,” says Paul Ferguson, network architect for Trend Micro. “No one is immune.”

So watch out, and do educate people wherever you can about the dangers of malware and safe surfing. A little Firefox here, a little NoScript there, a copy of Avast and a few instructions solve most problems, and since drive-by downloads rely on unpatched browsers and plugins, keeping everything patched matters as much as any of them.
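For the enterprises mentioned above that have been “in denial” about bots on their networks, the communication pattern of a P2P bot is itself a signal: it has to keep talking to many distinct peers on assorted high ports, which looks nothing like a workstation browsing a handful of web servers on 80 and 443. The following is an added example of a coarse flow-level heuristic for that pattern; it is not code from the original post or from any Damballa or Trend Micro product, the flow records are constructed, and the thresholds (20 distinct peers, 80% high-port, 50% two-way) are hypothetical and would need tuning per environment. The same pattern is produced by legitimate file-sharing clients, so it flags hosts for review rather than proving infection.

```python
"""Added example: flag hosts whose flow pattern looks like a P2P overlay talker.

Constructed sample flows and hypothetical thresholds, not code from the original
post or from any vendor product.  Flow record layout (constructed):
    (src_ip, dst_ip, dst_port, bytes_out, bytes_in)
"""
from collections import defaultdict

MIN_DISTINCT_PEERS = 20        # hypothetical: a browser rarely hits 20 distinct hosts per window
MIN_HIGH_PORT_FRACTION = 0.8   # hypothetical: P2P chatter lives on ephemeral/high ports
MIN_TWO_WAY_FRACTION = 0.5     # hypothetical: peers answer; a port scanner's targets mostly don't


def constructed_flows():
    """Constructed sample: four internal hosts with very different habits."""
    flows = []
    # 10.0.0.5: a workstation browsing three web servers on 80/443
    for i in range(6):
        flows.append(("10.0.0.5", f"203.0.113.{i % 3 + 1}", 443 if i % 2 else 80, 900, 12000))
    # 10.0.0.9: talks to 40 distinct hosts on assorted high ports, traffic in both directions
    for i in range(40):
        flows.append(("10.0.0.9", f"198.51.100.{i + 1}", 20000 + 37 * i, 300, 280))
    # 10.0.0.12: a mail client with a single IMAPS server
    flows.append(("10.0.0.12", "203.0.113.10", 993, 2000, 50000))
    # 10.0.0.20: sweeping 50 hosts for VNC; many peers, high port, but nobody answers
    for i in range(50):
        flows.append(("10.0.0.20", f"192.0.2.{i + 1}", 5900, 60, 0))
    return flows


def profile_hosts(flows):
    """Per source host: distinct peers, share of high-port flows, share of two-way flows."""
    stats = defaultdict(lambda: {"flows": 0, "peers": set(), "high_port": 0, "two_way": 0})
    for src, dst, dport, bytes_out, bytes_in in flows:
        s = stats[src]
        s["flows"] += 1
        s["peers"].add(dst)
        if dport > 1023:
            s["high_port"] += 1
        if bytes_out > 0 and bytes_in > 0:
            s["two_way"] += 1
    report = {}
    for src, s in stats.items():
        n = s["flows"]
        report[src] = {
            "distinct_peers": len(s["peers"]),
            "high_port_fraction": s["high_port"] / n,
            "two_way_fraction": s["two_way"] / n,
        }
    return report


def p2p_like_hosts(flows):
    """Hosts matching all three constructed criteria, sorted for stable output."""
    report = profile_hosts(flows)
    return sorted(
        host
        for host, m in report.items()
        if m["distinct_peers"] >= MIN_DISTINCT_PEERS
        and m["high_port_fraction"] >= MIN_HIGH_PORT_FRACTION
        and m["two_way_fraction"] >= MIN_TWO_WAY_FRACTION
    )


if __name__ == "__main__":
    for host, metrics in sorted(profile_hosts(constructed_flows()).items()):
        print(host, metrics)
    print("review:", p2p_like_hosts(constructed_flows()))
```

The two-way requirement is what separates the overlay talker from the scanner in the sample: both contact dozens of hosts on a high port, but only the bot’s peers talk back. In a real deployment the next step is to compare the peer sets of the flagged internal hosts with each other; bots in the same overlay tend to share peers, which a file-sharing user and a bot on the same LAN normally would not.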

Source: Dark Reading

Posted in: Malware


17 Responses to The World’s Biggest Botnets – Peer to Peer

  1. normalsecrecy November 19, 2007 at 7:27 am #

    damballa is a pretty compelling company. the research done at gatech that led to the startup of this company is a good read for those so inclined. i hope they turn out to be a real solutions company and not one that always looks to apply band-aids to the latest or emerging threats/vulnerabilities.

  2. woo November 19, 2007 at 7:44 am #

    Thanks for the important information.
    I am very sad to hear that kind of news. :-(

  3. Goodpeople November 19, 2007 at 10:15 am #

    I somewhat fail to see that this is a new threat. We’ve known for years that illegal downloading of software, film and music is equal to asking for trouble.

    You simply cannot trust anything that comes from untrusted sources. What was it.. out of the first 10 ISO images of Vista that were available for download, 9 were heavily infested with all sorts of malware?

    What people do with their own computers, is for them to decide. But if I catch anyone downloading stuff on a computer or network that is under my command, I’ll just kick them off the internet. After a week they can come to me in person and ask me very politely if they can have their internet privileges back.

    Been doing so for years and that’s the only way to keep most problems out.

  4. saab November 19, 2007 at 3:37 pm #


  5. dirty November 19, 2007 at 5:11 pm #

    Goodpeople, I agree with you that this is not a “new” threat; however, it seems that the implications and risk have dramatically increased.

    Scary stuff! Thanks for the post…..

  6. Ian Kemmish November 19, 2007 at 5:18 pm #

    The “warfare” side of it is already a reality. In the run-up to the Russian Duma elections in December, human rights sites in Russia are being subject to effective and prolonged DDOS attacks. (If you can read Russian, is an independent news site which carries reports on these from time to time.)

  7. Nobody_Holme November 19, 2007 at 7:58 pm #

    Peer to peer is for idiots. Unluckily I can’t convince people I know of this, even though their computers have been owned at least twice by it. I’m waiting for the botnet software that works only when your uTorrent is downloading, and the like… Those are going to make my internet slower than dialup. If anyone writes one that gets me via the router off other people torrenting, I’m going to break some legs…

  8. Goodpeople November 19, 2007 at 11:03 pm #


    I agree that risk and implications have increased dramatically. But isn’t that the consequence of more and more people getting connected?

    Like I said before: Education is the only answer. But then again, that doesn’t always work.. I can hardly expect my mother in law to understand what the net is all about. But she does want to download an occasional movie. (which btw is perfectly legal in The Netherlands).

    So, from time to time I wipe her laptop clean and do a complete reinstall. I only wish that I had trashed the pre-installed version of XP and installed Mandriva on the day she bought it. That would have made my life somewhat easier.

  9. Goodpeople November 19, 2007 at 11:24 pm #

    btw Nobody_Holme,

    Let me know when you’re going to war. I’ll come and help you.. :-)

  10. dirty November 19, 2007 at 11:32 pm #

    @goodpeople and nobody_holme
    Stupid web users = job security

    but every once in a while i do believe corporal punishment should be a valid option for them, jk

  11. dirty November 20, 2007 at 12:20 am #

    Check out this poll on packet storm

    Human stupidity is ranked the top factor to exploit:

  12. Darknet November 20, 2007 at 6:55 am #

    I think you guys are somewhat missing the point, this IS a new threat. What we are talking about here is not an infection vector (e.g. P2P networks and software) we are talking about a new generation of worm type malware that USES P2P technology to communicate and propagate. The Botnet itself is based on P2P principles, it’s not infecting people using P2P software.

  13. Goodpeople November 20, 2007 at 10:01 am #

    Darknet is right. I did a little research on the topic and came across this document. Quite an interesting read.

    Scary, but not unstoppable seems to be the conclusion.

  14. Pantagruel November 20, 2007 at 12:53 pm #

    The UvA article is a nice read and paints a good picture of the structure behind P2P and the problems for the near future. Eventually security buffs will find a way to plug this hole. The only questions that remain are how fast and at what cost to the average internet user.
    It seems to me that in this day and age every internet-aware application should be scrutinized thoroughly for potential exploits and security holes; this of course will only limit the amount of exploits. Add in the “everything for free” attitude of the bulk of P2P users (not all P2P traffic is illegal stuff, I know, some GPLed distros are spread through P2P) and that makes the P2P client/server environment a viable platform for botnets (not to mention spreading trojans and virii).

  15. Nobody_Holme November 21, 2007 at 12:44 am #

    Memo to self: stop with the off-topic rants.
    Also, stupid web users are fine, as long as they don’t live with me *cries in a corner*

  16. Sir Henry December 14, 2007 at 6:19 pm #

    I agree, this is a rather startling development. I also agree that education is one part of the equation. The problem with the latter, however, is one that will always provide job security to dirty: people will always assume that they will not be the victim or that they will not be affected. Too many times have I heard people state, “Out of the millions of people on the internet, what are the chances of me being singled out?” An unfortunate mistake in logic where I promptly explain to them what a botnet actually is and how it could very easily single out a myriad of users. I do believe that I have scared some sense into a number of people as a result.

  17. zupakomputer March 12, 2008 at 12:57 pm #

    Not meaning to pre-empt anything here topic-wise, but this caught my attention the other day because it’s exactly what I was thinking after learning a bit about router configuring:

    :all the internal security on a LAN is going to mostly be wasted, if the routers are compromised – especially if they’re compromised to the extent that they aren’t just being bypassed but are being re-configured.

    All in all, most of these problems only occur in the first place because people like to work remotely (well, who wouldn’t rather work @ home / roam around, if either is a good place to be) and therefore require being able to log in remotely. Has any major company invested in something like a network for VPN access (i.e. over the internet) that isn’t directly part of the same secure inner company network; a system that, say, updates via manual hot-swaps at the end of the working day?