2015 | OriginalPaper | Chapter

ZombieCoin: Powering Next-Generation Botnets with Bitcoin

Authors: Syed Taha Ali, Patrick McCorry, Peter Hyun-Jeen Lee, Feng Hao

Published in: Financial Cryptography and Data Security

Publisher: Springer Berlin Heidelberg


Abstract

Botnets are the preeminent source of online crime and arguably the greatest threat to the Internet infrastructure. In this paper, we present ZombieCoin, a botnet command-and-control (C&C) mechanism that runs on the Bitcoin network. ZombieCoin offers considerable advantages over existing C&C techniques, most notably the fact that Bitcoin is designed to resist the very regulatory processes currently used to combat botnets. We believe this is a desirable avenue botmasters may explore in the near future and our work is intended as a first step towards devising effective countermeasures.


Footnotes

1. Bitcoin technically provides pseudonymity, a weaker form of anonymity, in that Bitcoin addresses are not tied to identity and it is trivial to generate new addresses.
Metadata

Title: ZombieCoin: Powering Next-Generation Botnets with Bitcoin
Authors: Syed Taha Ali, Patrick McCorry, Peter Hyun-Jeen Lee, Feng Hao
Copyright Year: 2015
Publisher: Springer Berlin Heidelberg
DOI: https://doi.org/10.1007/978-3-662-48051-9_3
