Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Botnet
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===Peer-to-peer=== [[File:P2P-network.svg|thumb|250px|A peer-to-peer (P2P) network in which interconnected nodes ("peers") share resources among each other without the use of a centralized administrative system]] In response to efforts to detect and decapitate IRC botnets, bot herders have begun deploying malware on [[peer-to-peer]] networks. These bots may use [[digital signature]]s so that only someone with access to the private key can control the botnet,<ref name=":0">{{Cite journal | last=Heron| first=Simon| date=April 1, 2007| title=Botnet command and control techniques| journal=Network Security| volume=2007| issue=4| pages=13β16| doi=10.1016/S1353-4858(07)70045-4}}</ref> such as in [[Gameover ZeuS]] and the [[ZeroAccess botnet]]. Newer botnets fully operate over P2P networks. Rather than communicate with a centralized server, P2P bots perform as both a command distribution server and a client which receives commands.<ref>{{cite book|chapter-url=https://books.google.com/books?id=I-9P1EkTkigC&pg=PA335|title=Handbook of Information and Communication Security|publisher=Springer|year=2010|isbn=9783642041174|editor1-first=Mark|editor1-last=Stamp|editor2-first=Peter|editor2-last=Stavroulakis|chapter=Peer-to-peer botnets|first=Ping|last=Wang|access-date=28 July 2016|archive-date=22 June 2024|archive-url=https://web.archive.org/web/20240622185954/https://books.google.com/books?id=I-9P1EkTkigC&pg=PA335#v=onepage&q&f=false|url-status=live}}</ref> This avoids having any single point of failure, which is an issue for centralized botnets. In order to find other infected machines, P2P bots discreetly probe random [[IP address]]es until they identify another infected machine. The contacted bot replies with information such as its software version and list of known bots. If one of the bots' version is lower than the other, they will initiate a file transfer to update.<ref name=":0" /> This way, each bot grows its list of infected machines and updates itself by periodically communicating to all known bots.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)