Malware increasingly uses peer-to-peer communications, researchers say



Number: IRCNE2013061867
Date: 2013/06/07

According to “computerworld”, researchers from security firm Damballa report that the number of malware samples using P-to-P (peer-to-peer) communications has increased fivefold during the past 12 months.
The largest contributors to this increase are advanced threats like ZeroAccess, Zeus version 3 and TDL4, said Stephen Newman, vice president of products at Damballa. However, there are also other malware families that adopted P-to-P as a command-and-control (C&C) channel recently, he said.
Botnet masters stand to lose access to thousands or millions of infected computers if their control servers are shut down, so they're looking into decentralized P-to-P communications, where botnet clients can relay commands to one another, he said.
Another benefit for attackers is that malicious P-to-P traffic is hard to detect and block at the network level by using traditional approaches that rely on lists of known IP addresses and hosts associated with C&C servers.
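The following is an added example, not code from the article or from Damballa, showing why a C&C IP blocklist misses a P-to-P bot while a simple fan-out heuristic over flow records can still surface it. The flow records, the known-bad address and the thresholds are all constructed for illustration; in a real deployment the thresholds would be tuned against the organization's own traffic baseline.

```python
from collections import defaultdict

# Constructed flow records (src_ip, dst_ip, dst_port); hypothetical, not taken from the article.
FLOWS = [
    # Host A: ordinary web browsing, a few servers, always port 443
    ("10.0.0.5", "93.184.216.34", 443),
    ("10.0.0.5", "93.184.216.34", 443),
    ("10.0.0.5", "151.101.1.69", 443),
    ("10.0.0.5", "104.16.0.1", 443),
    # Host B: centralized C&C, repeated beacons to a single known-bad IP
    ("10.0.0.6", "198.51.100.7", 8080),
    ("10.0.0.6", "198.51.100.7", 8080),
    ("10.0.0.6", "198.51.100.7", 8080),
] + [
    # Host C: P-to-P style, one flow each to many distinct peers on varied high ports
    ("10.0.0.7", f"203.0.113.{i}", 20000 + (i * 37) % 40000)
    for i in range(1, 41)
]

# Constructed blocklist of "known" C&C addresses; the P-to-P peers are not on it.
KNOWN_C2 = {"198.51.100.7"}


def blocklist_hits(flows, blocklist):
    """Traditional approach: flag any internal host talking to a listed C&C IP."""
    return {src for src, dst, _ in flows if dst in blocklist}


def peer_fanout_suspects(flows, min_peers=25, min_ports=10, max_avg_flows_per_peer=2.0):
    """Behavioural approach: flag hosts that contact many distinct peers on many
    distinct ports with few flows per peer, a shape typical of P-to-P overlays
    and atypical of client-to-server traffic. Thresholds are illustrative."""
    peers = defaultdict(set)   # src -> set of destination IPs
    ports = defaultdict(set)   # src -> set of destination ports
    counts = defaultdict(int)  # src -> total flow count
    for src, dst, dport in flows:
        peers[src].add(dst)
        ports[src].add(dport)
        counts[src] += 1

    suspects = {}
    for src in peers:
        n_peers = len(peers[src])
        avg = counts[src] / n_peers
        if n_peers >= min_peers and len(ports[src]) >= min_ports and avg <= max_avg_flows_per_peer:
            suspects[src] = {
                "peers": n_peers,
                "ports": len(ports[src]),
                "avg_flows_per_peer": round(avg, 2),
            }
    return suspects


if __name__ == "__main__":
    print("blocklist hits:", blocklist_hits(FLOWS, KNOWN_C2))      # only the centralized bot
    print("fan-out suspects:", peer_fanout_suspects(FLOWS))        # only the P-to-P bot
```

Run as a script, the blocklist catches host B (centralized C&C) but says nothing about host C, while the fan-out check flags host C without any prior knowledge of its peers. Neither check alone is sufficient: the fan-out heuristic will also fire on legitimate P-to-P software and on scanners, so in practice it is a triage signal to combine with other evidence rather than a blocking rule.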
TDL4 is probably the most prevalent malware family that uses P-to-P communications, said John Jerrim, senior research scientist at Damballa. TDL4 is best known for being highly persistent and hard to remove from computers because it infects the Master Boot Record (MBR), a special section of the hard drive that contains code executed during the boot process before the operating system starts.
Zeus version 3, which is also known as GameOver, is a Trojan program that steals online banking credentials and other financial data. Unlike TDL4, Zeus v3 uses P-to-P as its primary C&C channel.
The researchers concluded that finding alternative mitigation methods against P-to-P botnets is "urgently needed."
