Peer-to-Peer Communications Becoming Prevalent in Botnet-Type Malware
There was a time that peer-to-peer (P2P) communications where the in-thing to delve into as many of the P2P networks provided free downloads and sharing of software and media files. Today, P2P communications is a different animal, with sharp teeth, altogether evolving into a highly targeted platform for malware peddlers.
According to researchers form the security firm Damballa, malware samples collected from peer-to-peer communications has increased fivefold in the past 12 months. What does this mean? Simply put, it means malware has become as much as 5-times more prevalent among P2P communications spreading advanced threats such as botnet-type infections designed to connect to servers for instructions to carry out malicious activities.
Advanced malware threats lurking on P2P communications networks is nothing really new. What is new is the exponential growth rate researchers are witnessing where botnets are ahead of the game winning a proverbial fight to spread like wildfire via P2P communications.
The association between command-and-control (C&C) servers, the backbone for sending instructions to botnet-infected systems, and P2P communications has had many shades of grey until now. Because authorities are able to make headway, sometimes easily, to combat botnets through taking down their command-and-control servers to put an end to the botnet, attackers are taking to P2P traffic as it is hard to block at the network level using traditional approaches. This means by using P2P infrastructure, botnet masters are able to flex their malware muscles a bit more without as many roadblocks.
A prevelent malware family to use P2P communications is the TDL4 group of threats. TDL4's P2P communication channel is used as a backup in the event that its C&C server cannot be reached by using a domain generation algorithm.
Damballa researchers have also uncovered how P2P communications are used in popular botnets aptly known as Zeus and ZeroAccess. Although such botnet threats are considered to be 'aged', they have built up a particular resilience having P2P communications capabilities.
Right now, it seems as if the emergence of new Botnets using peer-to-peer communications as a secondary means of connectivity instead of solely relying on their default command-and-control server is allowing this type of malware to grow out of control. One thing that we know for sure is researchers, security experts and authorities will need to come up with alternative mitigation methods if we want to see this new-found malware growth rate go in the other direction.