New Study Calls for Alternative Mitigation Strategies Against P2P Botnets



As reported by Threatpost, a new study entitled “SoK: P2PWNED — Modeling and Evaluating the Resilience of Peer-to-Peer Botnets” highlights that P2P botnets such as Sality, Zeus P2P, ZeroAccess, and Kelihos are proving far more resilient than centralized botnets to the traditional disruptive tactics (injection attacks, partitioning, and the like) that law enforcement and security companies have relied on to take centralized botnets down.

“Many P2P botnets are far more resilient to takedown attempts than centralized botnets, because they have no single points of failure,” commented the study’s researchers, who include experts from Germany’s Institute for Internet Security, Amsterdam’s VU University, and the security companies Dell SecureWorks and CrowdStrike.

The researchers noted that “…[I]mplementing mitigation strategies against new P2P botnets remains non-trivial due to the need to understand the peculiarities of each botnet’s C&C protocol. Additionally, attacking networks containing millions of peers requires significant resources which may need to remain available over the long term. We believe that a discussion is required concerning alternative mitigation strategies against P2P botnets.”

At Seculert, we believe that these “alternative mitigation strategies” must take into account the fact that P2P botnets talk to each other: every infected host exchanges peer lists and commands with other infected hosts, and that traffic is visible to anyone who speaks the same protocol. As such, the best way to detect an infection, since 100% prevention is simply not feasible, is to look beyond the threat vector and actively scan the botnets themselves: join and crawl the live peer-to-peer network, intercept its traffic, and collect data on the hosts that are actually taking part in it.

Not only is this a practical way to identify subtle or unknown malware infections, it also all but eliminates false positives: the alarm goes off only when a host is observed participating in actual botnet traffic, not because a heuristic fired. The one check a practitioner still has to make is to confirm that an address seen in the crawl is really a victim and not another research sensor or crawler that has joined the same network, since those show up in peer lists too.
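To make the idea concrete, here is a worked illustration added for this post; it is not Seculert's product code and it does not speak any real botnet's protocol. It builds a small, constructed peer-to-peer overlay in memory (addresses from the RFC 5737 documentation ranges, a hypothetical `request_peer_list` message as the only protocol primitive), crawls it breadth-first from a seed peer the way a sensor would, and then intersects the result with the addresses an organization owns. It also handles the two edge cases raised above: a victim behind NAT that never answers the crawler but is advertised by its neighbours, and another party's sensor node that must not be reported as an infection.

```python
"""Toy crawl of a peer-to-peer overlay, then a match against local assets.

Added illustration for this post. The peer-exchange protocol, the peers and
the addresses below are all constructed (RFC 5737 documentation ranges);
they do not model Sality, Zeus P2P, ZeroAccess, Kelihos or any real C&C
protocol, whose message formats would have to be reverse-engineered first.
"""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Peer:
    """One node in the constructed overlay."""
    addr: str
    peers: list = field(default_factory=list)  # the peer list it hands out
    reachable: bool = True                      # False models a NAT'd/firewalled node


class Overlay:
    """In-memory stand-in for the network: request_peer_list() plays the role
    of sending a (hypothetical) peer-list request to addr and reading the reply."""

    def __init__(self, peers):
        self._nodes = {p.addr: p for p in peers}

    def request_peer_list(self, addr):
        node = self._nodes.get(addr)
        if node is None or not node.reachable:
            return None          # no reply: not a peer, or behind NAT
        return list(node.peers)


def crawl(overlay, seeds, max_peers=10_000):
    """Breadth-first crawl starting from known seed peers.

    Returns (responsive, seen): addresses that answered a peer-list request,
    and every address advertised in any peer list (a superset of responsive).
    max_peers bounds the work on networks with millions of nodes."""
    seen = set(seeds)
    responsive = set()
    queue = deque(seeds)
    while queue and len(seen) < max_peers:
        addr = queue.popleft()
        reply = overlay.request_peer_list(addr)
        if reply is None:
            continue             # unreachable peers stay recorded in seen
        responsive.add(addr)
        for neighbour in reply:
            if neighbour not in seen:
                seen.add(neighbour)
                queue.append(neighbour)
    return responsive, seen


def find_infected_assets(responsive, seen, own_addresses, known_sensors=frozenset()):
    """Match crawl output against the addresses you are responsible for.

    Known research sensors/crawlers also show up in peer lists but are not
    victims, so they are dropped. A host that answered the crawler is a
    confirmed infection; one that was only advertised by others (typically
    because it sits behind NAT) is flagged at lower confidence."""
    candidates = (seen - set(known_sensors)) & set(own_addresses)
    return [(addr, "confirmed" if addr in responsive else "advertised-only")
            for addr in sorted(candidates)]


# Constructed sample overlay: six nodes, one unreachable, one research sensor.
SAMPLE_OVERLAY = Overlay([
    Peer("203.0.113.10", ["203.0.113.11", "198.51.100.5"]),
    Peer("203.0.113.11", ["203.0.113.10", "192.0.2.77"]),
    Peer("198.51.100.5", ["203.0.113.10", "192.0.2.88", "198.51.100.9"]),
    Peer("192.0.2.77", ["203.0.113.11"], reachable=False),  # victim behind NAT
    Peer("192.0.2.88", ["198.51.100.5"]),                   # victim, reachable
    Peer("198.51.100.9", ["198.51.100.5"]),                 # someone else's sensor
])
SEEDS = ["203.0.113.10"]                                    # e.g. from a sandboxed sample
OWN_ADDRESSES = ["192.0.2.77", "192.0.2.88", "192.0.2.99"]  # our egress addresses
KNOWN_SENSORS = frozenset({"198.51.100.9"})


def run_demo():
    responsive, seen = crawl(SAMPLE_OVERLAY, SEEDS)
    return find_infected_assets(responsive, seen, OWN_ADDRESSES, KNOWN_SENSORS)


if __name__ == "__main__":
    for addr, confidence in run_demo():
        print(f"{addr}\t{confidence}")
```

Running the demo reports 192.0.2.88 as a confirmed infection and 192.0.2.77 as advertised-only: it never answered the crawler, but two other peers listed it, which is exactly the evidence a host-based sensor behind the same NAT would never see. The sensor at 198.51.100.9 is excluded even though it appears in a peer list, which is the check that keeps this approach free of false positives in practice.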
