Command and control (malware): Difference between revisions

Yobot (talk | contribs)
m External links: clean up / fix section header naming (WP:ASL), removed stub tag using AWB (12068)
See also: already in body per WP:SEEALSO / WP:OVERLINK
Line 24:
===Peer-to-peer===
[[Image:P2P-network.svg|thumb|200px|A peer-to-peer (P2P) network in which interconnected nodes ("peers") share resources amongst each other without the use of a centralized administrative system]]
Since IRC networks and domains can usually be taken down over time, botnet operators have moved to P2P to make their networks harder to dismantle. Some have also used encryption to secure the botnet and lock it down against outsiders; in most such cases it is public-key encryption, which has presented challenges both in implementing it and in breaking it. (See [[Gameover ZeuS]]; see also [[ZeroAccess botnet]].)
 
Some newer botnets are almost entirely P2P. Command and control is embedded into the botnet rather than relying on external servers, thus avoiding any single point of failure and evading many countermeasures.<ref>{{cite book|authors=Wang, Ping|chapter=Peer-to-peer botnets|editors=Stamp, Mark & Stavroulakis, Peter|title=Handbook of Information and Communication Security|publisher=Springer|year=2010|isbn=9783642041174|url=http://books.google.com/books?id=I-9P1EkTkigC&pg=PA335|display-authors=etal}}</ref> Commanders can be identified just through secure keys, and all data except the binary itself can be encrypted. For example, a spyware program may encrypt all suspected passwords with a public key that is hard-coded into it, or distributed with the bot software. Only with the private key (known only by the botnet operators) can the data captured by the bot be read.
Line 36:
===Domains as C&C===
This is one of the earliest types of C&C known.
A [[zombie (computer science)|zombie]] computer accesses a certain webpage or ___domain(s) on which commands are listed for it to follow.
The advantages of using webpages or domains as C&C are, in most cases, simpler coding and the ability to update and maintain a large botnet without much difficulty.
The disadvantages of using webpages or domains are the high bandwidth needed if a large botnet is built, and that many domains have been seized by government agencies in order to take down a botnet without much trouble or effort. The domains can also be a target for [[denial-of-service attack]]s, which may take a ___domain-based botnet offline.
 
===IRC as C&C===
Line 50:
 
==See also==
*[[Malware]]
*[[Advanced Persistent Threat]]
*[[Zombie (computer science)]]
*[[Botnet]]
*[[Low Orbit Ion Cannon]]
*[[ZeroAccess botnet]]
*[[Zeus (malware)]]
 
==References==
{{reflist|colwidth=30em}}
 
==External links==