Top

Published in:

2020 | OriginalPaper | Chapter

CoinBot: A Covert Botnet in the Cryptocurrency Network

Authors : Jie Yin, Xiang Cui, Chaoge Liu, Qixu Liu, Tao Cui, Zhi Wang

Published in: Information and Communications Security

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Cryptocurrencies are a new form of digital asset and are being widely used throughout the world. A variety of cryptocurrency-based botnets have been proposed and developed to utilize cryptocurrencies as new command and control (C&C) platforms. Most existing cryptocurrency-based botnets are bonded with the cryptocurrency client, which generates abnormal P2P traffic that can be easily detected and blocked. In addition, the commands embedded in transaction records can be easily traced, since the transaction records in a cryptocurrency network are usually publicly available. In this paper, we propose CoinBot, a novel botnet that based on the cryptocurrency networks. CoinBot is characterized by low cost, high resilience, stealthiness, and anti-traceability. Different from other cryptocurrency-based botnet, CoinBot utilizes Web2.0 services to achieve a dynamic addressing service for obtaining commands. As such, there is no need to run a cryptocurrency wallet application and hardcode a botmaster’s sensitive information in CoinBot, and the communications between the botmaster and the bots are hidden under legitimate HTTP/S traffic. Furthermore, we propose a cleaning scheme to prevent commands from being permanently recorded in the blockchain, thereby decreasing the risk of channel exposure. CoinBot is a generic model that can be applied to different kinds of cryptocurrency networks. We believe this model will be highly attractive to botmasters and could pose a considerable threat to cybersecurity. Therefore, we provide defensive suggestions to mitigate similar threats in the future.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Tree-Based Ring-LWE Group Key Exchanges with Logarithmic Complexity

next chapter A Symbolic Model for Systematically Analyzing TEE-Based Protocols

Bailey, M., Cooke, E., Jahanian, F., et al.: A survey of botnet technology and defenses. In: Conference for Homeland Security, CATCH 2009. Cybersecurity Applications & Technology, pp. 299–304. IEEE (2009)

Wang, P., Aslam, B., Zou, C.: Peer-to-peer botnets. In: Stavroulakis, P., Stamp, M. (eds.) Handbook of Information and Communication Security, pp. 335–350. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-04117-4_18CrossRef

Trend Micro Cyber Safety Solutions Team. Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions. [EB/OL] (2019). https://blog.trendmicro.com/trendlabs-security-intelligence/glupteba-campaign-hits-network-routers-and-updates-cc-servers-with-data-from-bitcoin-transactions/

Ali, S.T., McCorry, P., Lee, P.H.-J., Hao, F.: ZombieCoin: powering next-generation botnets with bitcoin. In: Brenner, M., Christin, N., Johnson, B., Rohloff, K. (eds.) FC 2015. LNCS, vol. 8976, pp. 34–48. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48051-9_3CrossRef

Sweeny, J.: Botnet Resiliency via Private Blockchains, from the SANS Institute Reading Room (2017). https://www.sans.org/reading-room/whitepapers/covert/paper/38050

Frkat, D., Annessi, R., Zseby, T.: ChainChannels: private botnet communication over public blockchains. In: 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), pp. 1244–1252. IEEE (2018)

Sharifnya, R., Abadi, M.: DFBotKiller: domain-flux botnet detection based on the history of group activities and failures in DNS traffic. Digit. Invest. 12, 15–26 (2015)CrossRef

Kang, B.B.H., Chan-Tin, E., Lee, C.P., et al.: Towards complete node enumeration in a peer-to-peer botnet. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 23–34 (2009)

Thomas, K., Nicol, D.M.: The Koobface botnet and the rise of social malware. In: 2010 5th International Conference on Malicious and Unwanted Software (MALWARE), pp. 63–70. IEEE (2010)

10.

Vo, N.H., Pieprzyk, J.: Protecting web 2.0 services from botnet exploitations. In: 2010 Second Cybercrime and Trustworthy Computing Workshop (CTC), pp. 18–28. IEEE (2010)

11.

Lee, S., Kim, J.: Fluxing botnet command and control channels with URL shortening services. Comput. Commun. 36(3), 320–332 (2013)CrossRef

12.

Yin, J., Lv, H., Zhang, F., Tian, Z., Cui, X.: Study on advanced botnet based on publicly available resources. In: Naccache, D., et al. (eds.) ICICS 2018. LNCS, vol. 11149, pp. 57–74. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01950-1_4CrossRef

13.

Chohan, U.W.: Cryptocurrencies: a brief thematic review (2017)

14.

Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)

15.

CoinMarketCap [EB/OL]. https://coinmarketcap.com/

16.

Narayanan, A., Bonneau, J., Felten, E., et al.: Bitcoin and Cryptocurrency Technologies: a Comprehensive Introduction. Princeton University Press (2016)

17.

Apodaca, R.: OP RETURN and the Future of Bitcoin. Bitzuma, 29 July 2014

18.

Bartoletti, M., Pompianu, L.: An analysis of bitcoin OP_RETURN metadata. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 218–230. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_14CrossRef

19.

Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Proj. Yellow Pap. 2014(151), 1–32 (2014)

20.

Daza, V.: Leveraging bitcoin testnet for bidirectional botnet command and control systems

21.

Zhong, Y., Zhou, A., Zhang, L., et al.: DUSTBot: a duplex and stealthy P2P-based botnet in the Bitcoin network. PloS One 14(12) (2019)

22.

Kurt, A., Erdin, E., Cebe, M., et al.: LNBot: a covert hybrid botnet on bitcoin lightning network for fun and profit. arXiv, 2019: arXiv:1912.10617 (2019)

23.

Tian, J., Gou, G., Liu, C., Chen, Y., Xiong, G., Li, Z.: DLchain: a covert channel over blockchain based on dynamic labels. In: Zhou, J., Luo, X., Shen, Q., Xu, Z. (eds.) ICICS 2019. LNCS, vol. 11999, pp. 814–830. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-41579-2_47CrossRef

24.

Neumann, A., Barnickel, J., Meyer, U.: Security and privacy implications of URL shortening services. In: Proceedings of the Workshop on Web 2.0 Security and Privacy (2010)

25.

Plohmann, D., Yakdan, K., Klatt, M., et al.: A comprehensive measurement study of domain generating malware. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 263–278 (2016)

26.

Stone-Gross, B., Cova, M., Cavallaro, L., et al.: Your botnet is my botnet: analysis of a botnet takeover. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 635–647. ACM (2009)

27.

BlockCypher API. https://www.blockcypher.com/dev/

Title: CoinBot: A Covert Botnet in the Cryptocurrency Network
Authors: Jie Yin
Xiang Cui
Chaoge Liu
Qixu Liu
Tao Cui
Zhi Wang
Publisher: Springer International Publishing
Book: Information and Communications Security
Print ISBN: 978-3-030-61077-7

Electronic ISBN: 978-3-030-61078-4

Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-61078-4_7

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner