Infected computers serve as engine for P2P worm

Massive networks of infected computers controlled by attackers worldwide will serve as a powerful engine for the new breed of so-called P2P worm that is currently echoing across cyberspace.

Share

Massive networks of infected computers controlled by attackers worldwide will serve as a powerful engine for the new breed of so-called P2P worm that is currently echoing across cyberspace.

Security experts have predicted over the last several years that botnets of hijacked PCs would pose one of the staunchest challenges faced by the IT community as criminals discovered new ways to use them to deliver attacks.

The rapid takeoff of the so-called Storm worm -- which many researchers have said is more accurately identified as a Trojan threat based on the fact that it uses botnet commands to spread itself instead of doing so independently -- likely represents the beginning of a new wave of activity supported by the captive infrastructure, according to researchers.

The attacks have more recently gained the additional P2P identification for their ability to contact external control servers using private peer-to-peer networks.

The confluence of more sophisticated botnet technologies and a wider audience of customers seeking to capitalise on the compromised computers has created a burgeoning economy that will make the threats harder to stamp out quickly, said Jose Nazario, senior software engineer at network security specialist Arbor Networks.

As malware writers, adware distributors, and fraudsters pool access to botnets and look for new ways to cash in on the systems, large-scale attacks like Storm, which mimics more traditional worm activity with its rapid-rate of propagation via spam, will rise to the top, according to the expert.

"The ease-of-use of the botnet technologies is increasing rapidly because the people building the botnets are reaching out for more customers, and they have to make their systems simpler to use," Nazario said. "They've also figured out ways to sell their botnets for a lot of different purposes, and as we're seeing a flood of botnets on the market, there also appears to be consolidation with several dominant organisations taking over."

Nazario attended a conference in Boston last week dubbed HotBots where he said that researchers concluded that larger botnet operators are getting more aggressive as criminal groups with advanced money laundering capabilities are getting involved and fueling the illegal economy.

With spammers and adware vendors getting into the mix for their own purposes, outbreaks like Storm, which has flooded the web with a massive amount of traffic since 12 April after periodic outbreaks since late 2006, will likely become more frequent.

Find your next job with computerworld UK jobs