The Anatomy of P2P Botnets

  • Shankar Karuppayah
Part of the SpringerBriefs on Cyber Security Systems and Networks book series (BRIEFSCSSN)


This chapter provides an in-depth analysis of the anatomy of the three P2P botnets that this book focuses on: GameOver Zeus, Sality and ZeroAccess. The analysis is based partly on the author's own reverse-engineering work and partly on the work of other collaborators who have thoroughly studied botnets such as GameOver Zeus. Besides explaining the inner workings of each botnet’s membership management mechanism, this chapter also describes the anti-monitoring mechanisms that the botnets employ to impede botnet monitoring attempts. The information provided in this chapter is not only useful for the remaining part of this book, but also gives readers a glimpse of the advancements of existing botnets.



Copyright information

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd., part of Springer Nature 2018

Authors and Affiliations

  1. National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia, USM, Penang, Malaysia
