Skip to Content

The Botnets That Won’t Die

New communications schemes could make zombie PC networks far harder to shut down.
April 21, 2011

Last week the FBI took down the Coreflood botnet—a major network of zombie computers that had been used to steal personal information worth hundreds of thousands of dollars. But the bust relied on an important weakness of conventional botnets—that they are controlled by a few central computers. Take down those central machines and you’ll disable the whole network of as many as hundreds of thousands of compromised PCs. Researchers warn that this weakness does not exist in botnets that use peer-to-peer communications protocols, whereby messages are passed from machine to machine instead of coming from a central command.

Peer-to-peer botnets could become more common if coordinated attacks on conventional botnets continue. “When they feel that centralized botnets have more of a tendency to be shut down by the authorities, then they will turn to peer-to-peer botnets,” says Cliff Zou, a network security researcher at the University of Central Florida.

A botnet is a network of computers that, unknown to their owners, have been compromised by viruses or worms and can be controlled remotely. Spammers and criminal organizations use them to troll for credit card and bank account information.

Some botnets already implemented have used peer-to-peer communications. Computers in such a network keep a list of peers—other computers in the network—and pass information on to them. When the controller wants to issue a command to the botnet, he inserts it into one or more of the peers, and it gradually spreads throughout the network.

But this design is complicated to implement, and authorities have been able to infiltrate these networks and spread phony commands, files, and peer information, intercepting and disrupting communications.

Stephan Eidenbenz  of Los Alamos National Laboratory and colleagues designed and simulated a botnet that could prove much more resilient. They describe it in an upcoming paper in Computer Networks.

Their hypothetical botnet would randomly configure itself into a hierarchy, with peers accepting commands only from computers higher up in the hierarchy. Any computer taken over by an outsider would thus be less likely to be able to disrupt the network. The botnet would reconfigure its hierarchy every day, so outsiders would have scant time to track down the highest-level computers that could do the most damage.

The technique, together with strong encryption, would make such botnets hard to analyze and attack. “We believe it could be quite effective,” Eidenbenz warns.

Zou expects that stronger peer-to-peer botnets are only a matter of time. Once someone writes ways to strengthen a botnet’s security into easy-to-implement code, he says, this type of botnet will quickly spread.

But Brett Stone-Gross, a computer security researcher at UC Santa Barbara, thinks that even with improvements, peer-to-peer botnets will remain too complicated and vulnerable to being taken over. Besides, he says, conventional botnets remain very hard to battle. “[Conventional] botnets are still the most effective,” he says. “They’re easy to set up. It really comes down to simplicity vs. complexity. Even if you take down a web server, they’ll pop back up somewhere else. You’ll see it with Coreflood. It will be back online in a couple of weeks.”

Keep Reading

Most Popular

This startup wants to copy you into an embryo for organ harvesting

With plans to create realistic synthetic embryos, grown in jars, Renewal Bio is on a journey to the horizon of science and ethics.

VR is as good as psychedelics at helping people reach transcendence

On key metrics, a VR experience elicited a response indistinguishable from subjects who took medium doses of LSD or magic mushrooms.

This nanoparticle could be the key to a universal covid vaccine

Ending the covid pandemic might well require a vaccine that protects against any new strains. Researchers may have found a strategy that will work.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.