More malware is traveling on P2P networks these days

Hackers have found a devious new way to disseminate malware: They're using peer-to-peer networks.

Hackers have found a devious new way to disseminate malware: They're using peer-to-peer networks.

Security firm Damballa reports that the number of malware samples that use P2P communications has increased fivefold during the past 12 months.

Advanced threats like ZeroAccess, Zeus Version 3 and TDL-4 are playing the biggest roles in this development, said Stephen Newman, vice president of products at Damballa. Meanwhile, other malware families have adopted P2P as a command-and-control channel, he said.

Botnet masters stand to lose access to thousands or millions of infected computers if their control servers get shut down, so they're looking to gain resiliency by making use of decentralized P2P networks, where botnet clients can relay commands to one another, he said.

Malicious P2P traffic is hard to detect and block using traditional approaches that rely on lists of known IP addresses and hosts associated with command-and-control servers.

In an a recent report on the resilience of P2P botnets, a group of researchers from universities and tech vendors concluded that there's an urgent need to find new ways to thwart malicious traffic on P2P botnets.

This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.

Read more about security in Computerworld's Security Topic Center.

Join the Computerworld New Zealand newsletter!

Error: Please check your email address.

Tags Security ID

Show Comments
[]