Skip to content

No Leadership, No Problem

February 27, 2012

Warning: High geek content.

The Register has an article today on an emerging form of virus that utilizes a decentralized infrastructure to proliferate and communicate.  The lack of “command and control” makes it much harder to then eradicate.

“Previously, every compromised computer was a peer in the botnet and the configuration file (containing the URL of the C&C server) was distributed from one peer to another,” Symantec researcher Andrea Lelli explains. “This way, even if the C&C server was taken down, the botnet was still able to contact other peers to receive configuration files with URLs of new C&C servers.”

“With the latest update, it seems that the C&C server has disappeared entirely for this functionality. Where they were previously sending and receiving control messages to and from the C&C, these control messages are now handled by the P2P network.”

Stolen data (banking login credentials) and the like can be transmitted over the P2P network, instead of dumped on servers that might be infiltrated. However preliminary analysis suggest that stolen data is still transmitted back to attackers directly rather than relayed through the P2P network.

This is, I have to admit, a pretty innovative effort to proliferate a virus.  I first worked with peer-to-peer in the ’90s when it was being used across millions of clients to do things like search for intelligence in space signals or do prion-matching for cancer and mad cow types.  Essentially, each computer in the network is given access to a few others in the network, and any information is percolated like water through coffee grinds… it mostly trickles across the network.  The unique piece here is that there’s no centralized control piece, which usually still exists in standard networks to distribute information.

A virus that utilizes this is likely one that will be harder to detect since there’s little traffic to weird IP addresses.  Once installed, it can percolate through the net by communicating with and infesting other machines with which it normally communicates. I have to admit, this is a way cool idea on how to do bad things.  Not that I approve, obviously…

One rule in security is that attacks will always evolve as fast as defenses do.  In the world of cyber-security, that’s obviously true.  We’ll be seeing more of these types of attacks over time, and distributed defense responses should be equally interesting to behold.

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: