A new botnet is nearing completion and is listed for sale in the hacking community at $8,000.
Botnets, networks of compromised computers under the control of a hacker or hacker group, are used primarily to deliver huge amounts of spam or to direct a distributed denial of service (DDoS) attack against a particular target.
They traditionally have a centralized architecture, with a central command and control (C&C) server issuing orders to the individual compromised computers (bots).
This new botnet, named THOR and coded by TheGrimReap3r, is nearing completion and is for sale at $8,000 on the underground. THOR does not use a central C&C; it has a decentralized architecture based on peer-to-peer (P2P) technology. P2P botnets are the latest innovation in the battle between whitehat security researchers and law enforcement agencies on one side and the blackhat criminal underground on the other.
The “weakness” of the traditional centralized architecture is that it is possible to track down the C&C server, and “if you are able to shut it down you can kill the botnet (the bots will be there but the cybercriminal won’t be able to control them),” said Panda Security’s technical director Luis Corrons.
“The infamous Conficker worm was the first to use P2P technology to control its botnet,” said Ram Herkanaidu, education manager at Kaspersky Lab. “In so doing, it introduced resilience into the system.”
P2P botnets let the controller inject commands into the network and have the bots disseminate those commands amongst each other, so there is no single server to shut down. This also makes it harder to find the criminal behind the botnet.
Botnet developers can either use the botnet themselves or rent it out to other cybercriminals to spread malware, send spam, act as a proxy service, or for other purposes.
But P2P botnets are not without their own problems. The controller’s level of control is not as high as with a central server. While P2P botnets are potentially more difficult to take down, they can be beaten.
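To make the architectural difference described above concrete (a C&C server whose takedown kills the botnet, versus bots that pass commands among themselves), here is an added toy simulation. It is not THOR's code and not from any of the sources quoted in the article; the overlay topology, the peer-list size, the breadth-first flooding rule and the takedown model (random bots going offline) are all constructed assumptions. It measures two things for each architecture: what fraction of surviving bots a single command reaches, and how many hops it takes to get there.

```python
"""Toy simulation of how one command spreads through a centralized C&C botnet
versus a peer-to-peer (gossip) one, and what a takedown does to each.
Illustrative only: not THOR's code. The topology, peer-list size and flooding
rule are constructed assumptions, not a description of any real botnet."""
import random

SERVER = "C&C"  # the single server in the centralized model


def build_star(n_bots):
    """Centralized model: every bot knows only the C&C server, and vice versa."""
    links = {SERVER: set(range(n_bots))}
    for b in range(n_bots):
        links[b] = {SERVER}
    return links


def build_p2p(n_bots, peerlist_size, seed=1):
    """P2P model: each bot starts with a few random peers (links assumed
    symmetric). A real P2P botnet would keep exchanging peer lists; a static
    random graph is enough to show the resilience property."""
    rng = random.Random(seed)
    links = {b: set() for b in range(n_bots)}
    for b in range(n_bots):
        for p in rng.sample([x for x in range(n_bots) if x != b], peerlist_size):
            links[b].add(p)
            links[p].add(b)
    return links


def flood(links, origin, dead=frozenset()):
    """Breadth-first flood: each live node forwards the command once to every
    peer it knows, and ignores a command it has already seen (the 'seen' cache
    that stops gossip from looping). Returns (nodes reached, hops needed)."""
    if origin in dead:
        return set(), 0
    received = {origin}
    frontier = [origin]
    hops = 0
    while frontier:
        nxt = []
        for node in frontier:
            for peer in links[node]:
                if peer in dead or peer in received:
                    continue
                received.add(peer)
                nxt.append(peer)
        if nxt:
            hops += 1
        frontier = nxt
    return received, hops


def centralized_reach(n_bots, server_down):
    """(fraction of bots that get a command issued by the C&C server, hops)."""
    dead = {SERVER} if server_down else set()
    got, hops = flood(build_star(n_bots), SERVER, dead)
    return len(got - {SERVER}) / n_bots, hops


def p2p_reach(n_bots, peerlist_size, n_taken_down, seed=1):
    """(fraction of surviving bots that get a command, hops) after a defender
    has taken n_taken_down randomly chosen bots offline. The controller injects
    the command through whichever bot it finds still up."""
    rng = random.Random(seed)
    links = build_p2p(n_bots, peerlist_size, seed)
    dead = set(rng.sample(range(n_bots), n_taken_down))
    entry = next(b for b in range(n_bots) if b not in dead)
    got, hops = flood(links, entry, dead)
    return len(got) / (n_bots - len(dead)), hops


if __name__ == "__main__":
    print("centralized, server up:  ", centralized_reach(200, False))
    print("centralized, server down:", centralized_reach(200, True))
    print("p2p, 0 bots down:        ", p2p_reach(200, 4, 0))
    print("p2p, 40 bots down:       ", p2p_reach(200, 4, 40))
```

Running it shows the two sides of the trade-off the article describes: the star topology delivers a command to every bot in one hop but delivers nothing once the server is gone, while the P2P overlay still reaches almost every surviving bot after a fifth of them are removed, at the cost of several hops of latency and no single point from which the controller can see who received what. The simulation deliberately models no specific P2P takedown technique, because the article names none.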