Channel: BOT24

ContradictionC2: A TAKEDOWN-RESISTANT BOTNET BASED ON DEAD DROPS

Botnets are networks of malware-infected computers coordinated to carry out tasks that are typically malicious. The compromised hosts run programs called bots that execute the commands of bot masters, who either develop the malware themselves or purchase access to an existing botnet (Criddle, n.d.). Botnets are managed through a variety of command and control (C2 or C&C) tactics, ranging from direct connections to individual bots to message passing within a decentralized peer-to-peer network. Communication strategies have evolved to inhibit detection or compromise of any critical component of a botnet. C2 centralization, and the ability to reverse-engineer C2 communications, have proven to be core botnet weaknesses. Even peer-to-peer networks are vulnerable to takedown by exploiting the trust relationships between peers. Takedowns not only threaten the malware business but also allow bot masters to be traced and apprehended. Bot masters have therefore rapidly adopted new tactics and sophisticated mitigations to outrace malware researchers and defenders.

In the interest of proactive defense, we propose a novel botnet C2 architecture, "ContradictionC2," that is more resilient to detection and to unmasking of the bot master. What's more, even if it is detected, our tactic is impractical to take down or render inaccessible. Our architecture uses dead-drop file uploads to deliver commands to bots. In espionage, a dead drop is a message concealed in a public place for later retrieval by another party (as opposed to a live drop, in which the two parties meet to exchange information).
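The following is an added example illustrating the dead-drop exchange described above; it is not code from the ContradictionC2 paper or its authors, and the mechanisms it chooses are assumptions: a public file host is modelled as an in-memory dict, the rendezvous file name is derived from a constant `PUBLIC_SALT` and a sequence number, commands are signed with a hash-based Lamport one-time signature (standard library only), and each command carries the public key for the next one. It shows the two properties the abstract claims. There is no C2 server to seize because the bot master only uploads and the bots only download from a place both can compute, and a captured bot yields only public keys, so a defender who reverses it and finds the next drop location still cannot forge or alter a command.

```python
import hashlib
import json
import secrets

N = 256                 # one secret pair per bit of the SHA-256 digest
PUBLIC_SALT = b"ctc2"   # assumed constant baked into every bot (not from the paper)

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def drop_name(seq: int) -> str:
    """Rendezvous name both sides compute independently; stands in for a file
    name on a public host. Assumed here, the paper's naming scheme is not given."""
    return H(PUBLIC_SALT + seq.to_bytes(8, "big")).hex()

# Lamport one-time signature (hash-based, stdlib only). A bot holds only the
# public half, so reversing it yields nothing that can sign a command.
def lamport_keygen():
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    return priv, [(H(a), H(b)) for a, b in priv]

def _bits(message: bytes):
    d = H(message)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]

def lamport_sign(priv, message: bytes):
    # Reveal one secret of each pair, chosen by the corresponding digest bit.
    return [priv[i][b] for i, b in enumerate(_bits(message))]

def lamport_verify(pub, message: bytes, sig) -> bool:
    return len(sig) == N and all(
        H(sig[i]) == pub[i][b] for i, b in enumerate(_bits(message)))

def encode_pub(pub):
    return [[a.hex(), b.hex()] for a, b in pub]

def decode_pub(enc):
    return [(bytes.fromhex(a), bytes.fromhex(b)) for a, b in enc]

class BotMaster:
    def __init__(self, store):
        self.store, self.seq = store, 0
        self.priv, self.pub = lamport_keygen()   # this pub is baked into the bots

    def publish(self, command: str):
        """Leave a signed command at the dead drop; no bot is ever contacted.
        Each message carries the public key that will verify the next one."""
        next_priv, next_pub = lamport_keygen()
        body = {"seq": self.seq, "cmd": command, "next_pub": encode_pub(next_pub)}
        payload = json.dumps(body, sort_keys=True).encode()
        sig = lamport_sign(self.priv, payload)
        self.store[drop_name(self.seq)] = {"payload": payload.decode(),
                                           "sig": [s.hex() for s in sig]}
        self.priv, self.pub, self.seq = next_priv, next_pub, self.seq + 1

class Bot:
    def __init__(self, store, pub):
        self.store, self.pub, self.seq, self.executed = store, pub, 0, []

    def poll(self):
        """Fetch the next drop. Returns the command, or None if the drop is
        absent, forged, tampered with, or out of sequence."""
        drop = self.store.get(drop_name(self.seq))
        if drop is None:
            return None
        payload = drop["payload"].encode()
        try:
            sig = [bytes.fromhex(s) for s in drop["sig"]]
        except (ValueError, TypeError):
            return None
        if not lamport_verify(self.pub, payload, sig):
            return None
        body = json.loads(payload)
        if body.get("seq") != self.seq:
            return None
        self.pub, self.seq = decode_pub(body["next_pub"]), self.seq + 1
        self.executed.append(body["cmd"])
        return body["cmd"]

def demo():
    """Constructed scenario: two genuine commands, one forgery, one tampering."""
    store = {}                                  # stand-in for a public file host
    master = BotMaster(store)
    bot = Bot(store, master.pub)
    master.publish("sleep 3600")
    first = bot.poll()
    # A defender who reversed the bot can compute the next drop name but has
    # no signing key: the forged drop is rejected and the bot keeps waiting.
    fake = {"seq": 1, "cmd": "selfdestruct", "next_pub": encode_pub(lamport_keygen()[1])}
    store[drop_name(1)] = {"payload": json.dumps(fake, sort_keys=True),
                           "sig": ["00" * 32] * N}
    forged = bot.poll()
    master.publish("update")                    # genuine drop replaces the fake
    second = bot.poll()
    master.publish("report")
    store[drop_name(2)]["payload"] = store[drop_name(2)]["payload"].replace(
        '"report"', '"selfdestruct"')           # edit the body, keep the signature
    tampered = bot.poll()
    return first, forged, second, tampered, bot.executed
```

Two practical observations follow from the model rather than from the abstract. First, the one-time key chain means a bot that misses a drop cannot verify any later one, so a real design needs either long-lived signing keys or redundant drops; Lamport keys were chosen here only to keep the example dependency-free, and their 16 KiB public keys would be impractical in a real bot. Second, for a defender the remaining leverage is the public host itself: the drop account can be suspended, and the periodic polling of a computable name is itself a detectable pattern.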

Full paper: https://docs.google.com/file/d/0Bz62YKKi9D2KRnAwRHR1WHlENWs/edit
