
2015 | OriginalPaper | Book chapter

ZombieCoin: Powering Next-Generation Botnets with Bitcoin

Authors: Syed Taha Ali, Patrick McCorry, Peter Hyun-Jeen Lee, Feng Hao

Published in: Financial Cryptography and Data Security

Publisher: Springer Berlin Heidelberg


Abstract

Botnets are the preeminent source of online crime and arguably the greatest threat to the Internet infrastructure. In this paper, we present ZombieCoin, a botnet command-and-control (C&C) mechanism that runs on the Bitcoin network. ZombieCoin offers considerable advantages over existing C&C techniques, most notably the fact that Bitcoin is designed to resist the very regulatory processes currently used to combat botnets. We believe this is a desirable avenue botmasters may explore in the near future and our work is intended as a first step towards devising effective countermeasures.


Footnotes
1
Bitcoin technically provides pseudonymity, a weaker form of anonymity, in that Bitcoin addresses are not tied to identity and it is trivial to generate new addresses.
 
Metadata
Title
ZombieCoin: Powering Next-Generation Botnets with Bitcoin
Authors
Syed Taha Ali
Patrick McCorry
Peter Hyun-Jeen Lee
Feng Hao
Copyright year
2015
Publisher
Springer Berlin Heidelberg
DOI
https://doi.org/10.1007/978-3-662-48051-9_3
