Wednesday, May 16, 2007
I've just read two papers from the HotBots conference from Usenix. One, from Grizzard, Sharma, Nunnery, Kang and Dagon, shows an overview about p2p botnets. It's interesting to see that the authors identified exactly the same issues that we tried to solve during on our Black Hat presentation, specially the hard coded information needed by the bot to start the communication with its herder.Another very good paper is the one from Wang, Sparks and Zou, that present the design of an advances hybrid p2p botnet. They included in their design the use of digitally signed commands, exactly like we mentioned. They minimized the problem of the hard coded bootstrap information, but it wasn't solved. With our proposed OTP scheme the botnet design from them would be a really hard thing to put down. I think we will see more developements on this subject, specially merging the concepts from all these papers. It will be something very hard to fight against.
Posted by Augusto Barros at 12:01 AM