Peer-to-peer communication is increasingly used as a vehicle for malware attacks, according to a report from a security vendor.
Damballa, an Atlanta-based maker of threat protection solutions for enterprises and service providers, said this week that P2P is popping up more as a way of obscuring command and control communications.
By having infected peers act as both server and host, hackers now have an “indestructible” communications structure that cannot be easily discovered through dynamic malware detonation or severed by shutting down command and control servers, says the company.
“For the security industry and enterprise security teams, this means another shift in detection targets,” says Damballa. Simply detecting static command and control addresses or call-back information from blacklists won’t be enough to discover threats in a network, the company says.
The report is only four pages long but makes chilling reading on how the technique is used for rootkit-based threats ending in click fraud, in a banking Trojan that steals sensitive financial data and in a rootkit that infects master boot records in Windows systems.