| Type of Publication | Conference |
| Title | Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm |
| Authors | Thorsten Holz, Frederic Dahl, Ernst W. Biersack, Felix Freiling |
| Published in | LEET: First USENIX Workshop on Large-Scale Exploits and Emergent Threats, San Francisco, CA, April 2008 |
| Abstract | Botnets, i.e., networks of compromised machines under a common control infrastructure, are commonly controlled by an attacker with the help of a central server: all compromised machines connect to the central server and wait for commands. However, the first botnets that use peer-to-peer networks for remote control of the compromised machines appeared in the wild recently. In this paper, we introduce a methodology to analyze and mitigate peer-to-peer botnets. In a case study, we examine in detail the Storm Worm botnet, the most wide-spread peer-to-peer botnet currently propagating in the wild. We were able to infiltrate and analyze in-depth the botnet, which allows us to estimate the total number of compromised machines. Furthermore, we present two different ways to disrupt the communication channel between controller and compromised machines in order to mitigate the botnet and evaluate the effectiveness of these mechanisms. |