Thorsten Holz Frederic Dahl Ernst W. Biersack Felix Freiling LEET: First USENIX Workshop on Large-Scale Exploits and Emergent Threats LEET: First USENIX Workshop on Large-Scale Exploits and Emergent Threats San Francisco, CA 2008 04 Botnets, i.e., networks of compromised machines under a common control infrastructure, are commonly controlled by an attacker with the help of a central server: all compromised machines connect to the central server and wait for commands. However, the first botnets that use peer-to-peer networks for remote control of the compromised machines appeared in the wild recently. In this paper, we introduce a methodology to analyze and mitigate peer-to-peer botnets. In a case study, we examine in detail the Storm Worm botnet, the most wide-spread peer-to-peer botnet currently propagating in the wild. We were able to infiltrate and analyze in-depth the botnet, which allows us to estimate the total number of compromised machines. Furthermore, we present two different ways to disrupt the communication channel between controller and compromised machines in order to mitigate the botnet and evaluate the effectiveness of these mechanisms.