Security firm Damballa reports that the number of malware samples that use P2P communications has increased five-fold during the past 12 months.
Advanced threats like ZeroAccess, Zeus Version 3 and TDL-4 are playing the biggest roles in this development, said Stephen Newman, vice president of products at Damballa. Meanwhile, other malware families have adopted P2P as a command-and-control channel, he said.
Botnet masters stand to lose access to thousands or millions of infected computers if their control servers get shut down, so they’re looking to gain resiliency by making use of decentralised P2P networks, where botnet clients can relay commands to one another, he said.
Malicious P2P traffic is hard to detect and block using traditional approaches that rely on lists of known IP addresses and hosts associated with command-and-control servers.
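To make that point concrete, here is an added illustration (not from the article, Damballa, or any of the botnets it names) that runs both approaches over constructed flow records: a blocklist check finds nothing because none of the peers is a "known" server, while a simple behavioural fan-out heuristic flags the host whose traffic looks like a P2P mesh. The hosts, addresses and thresholds are assumptions made up for the example.

```python
from collections import defaultdict

# Constructed flow records for illustration: (internal_host, dst_ip, dst_port, bytes_out).
# Addresses come from the RFC 5737 documentation ranges and are not real indicators.
FLOWS = [
    ("10.0.0.7", "192.0.2.53", 53, 80),       # ordinary DNS lookup
    ("10.0.0.7", "192.0.2.80", 443, 4200),    # ordinary HTTPS sessions
    ("10.0.0.7", "192.0.2.81", 443, 3900),
] + [
    # 10.0.0.5 talks to many distinct peers on many distinct high ports with small payloads
    ("10.0.0.5", f"198.51.100.{i}", 20000 + i * 137, 300 + i) for i in range(1, 16)
]

# A constructed blocklist of "known" C2 addresses. None of the peers above appears on it,
# which is exactly the gap a P2P botnet opens in list-based blocking.
BLOCKLIST = {"203.0.113.10", "203.0.113.11"}


def blocklist_hits(flows, blocklist):
    """Hosts that contacted a blocklisted address: the traditional, list-based approach."""
    return {src for src, dst, _, _ in flows if dst in blocklist}


def peer_fanout_suspects(flows, min_peers=10, min_ports=10, max_avg_bytes=2000):
    """Hosts whose outbound traffic resembles a P2P mesh rather than a few well-known
    services: many distinct peers, many distinct high ports, and small flows on average.
    Thresholds are illustrative and must be tuned per network; legitimate P2P software
    (file sharing, some VoIP clients) will match too, so treat hits as leads, not verdicts."""
    peers = defaultdict(set)
    ports = defaultdict(set)
    total_bytes = defaultdict(int)
    flow_count = defaultdict(int)
    for src, dst, port, nbytes in flows:
        if port >= 1024:                 # only unprivileged ports count toward fan-out
            peers[src].add(dst)
            ports[src].add(port)
        total_bytes[src] += nbytes
        flow_count[src] += 1
    return {
        src for src in peers
        if len(peers[src]) >= min_peers
        and len(ports[src]) >= min_ports
        and total_bytes[src] / flow_count[src] <= max_avg_bytes
    }


if __name__ == "__main__":
    print("blocklist hits:", blocklist_hits(FLOWS, BLOCKLIST))  # -> set()
    print("fan-out suspects:", peer_fanout_suspects(FLOWS))     # -> {'10.0.0.5'}
```

The heuristic is deliberately simple; in practice it would be one feature among several (peer churn, periodicity, payload entropy) feeding a scoring model rather than a standalone alert.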
In a recent report on the resilience of P2P botnets, a group of researchers from universities and tech vendors concluded that there’s an urgent need to find new ways to thwart malicious traffic on P2P botnets.