Abstract
Botnets are the preeminent source of online crime and arguably the greatest threat to the Internet infrastructure. In this paper, we present ZombieCoin, a botnet command-and-control (C&C) mechanism that runs on the Bitcoin network. ZombieCoin offers considerable advantages over existing C&C techniques, most notably the fact that Bitcoin is designed to resist the very regulatory processes currently used to combat botnets. We believe this is a desirable avenue botmasters may explore in the near future and our work is intended as a first step towards devising effective countermeasures.
Notes
1. Bitcoin technically provides pseudonymity, a weaker form of anonymity, in that Bitcoin addresses are not tied to identity and it is trivial to generate new addresses.
Acknowledgements
This work is supported by the European Research Council (ERC) Starting Grant (No. 106591). The authors thank Hassaan Bashir, Mike Hearn, Pawel Widera, and Siamak Shahandashti for invaluable assistance with experiments and helpful comments.
Copyright information
© 2015 International Financial Cryptography Association
About this paper
Cite this paper
Ali, S.T., McCorry, P., Lee, P.HJ., Hao, F. (2015). ZombieCoin: Powering Next-Generation Botnets with Bitcoin. In: Brenner, M., Christin, N., Johnson, B., Rohloff, K. (eds) Financial Cryptography and Data Security. FC 2015. Lecture Notes in Computer Science, vol 8976. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-48051-9_3
DOI: https://doi.org/10.1007/978-3-662-48051-9_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-48050-2
Online ISBN: 978-3-662-48051-9
eBook Packages: Computer Science, Computer Science (R0)