January 2008
Botnets, i.e., networks of compromised machines under a common control infrastructure, are commonly controlled by an attacker with the help of a central server: all compromised machines connect to the central server and wait for commands. However, the first botnets that use peer-to-peer (P2P) networks for remote control of the compromised machines appeared in the wild recently. In this paper, we introduce a methodology to analyze and mitigate P2P botnets. In a case study, we examine in detail the Storm Worm botnet, the most widespread P2P botnet currently propagating in the wild. We were able to infiltrate the botnet and analyze it in depth, which allows us to estimate the total number of compromised machines. Furthermore, we present two different ways to disrupt the communication channel between controller and compromised machines in order to mitigate the botnet, and we evaluate the effectiveness of these mechanisms.