by Himanshu Damle
Currently, bots are monitored and controlled by a botmaster, who issues commands. The transmission of these commands, which are known as C&C messages, can be centralized, peer-to-peer or hybrid. In the centralized architecture the bots contact the C&C servers to receive instructions from the botmaster. In this construction the message propagation speed and convergence are faster, compared to the other architectures. It is easy to implement, maintain and monitor. However, it is limited by a single point of failure: such botnets can be disrupted by taking down or blocking access to the C&C server. Many centralized botnets use IRC or HTTP as their communication channel. GT-Bots, Agobot/Phatbot, and clickbot.a are examples of such botnets. To evade detection and mitigation, attackers developed more sophisticated techniques to dynamically change the C&C servers, such as Domain Generation Algorithms (DGA) and fast-fluxing (single flux, double flux).
Single-fluxing is a special case of the fast-flux method. It maps multiple (hundreds or even thousands of) IP addresses to a domain name. These IP addresses are registered and de-registered at rapid speed, hence the name fast-flux. The IPs are mapped to particular domain names (e.g., DNS A records) with very short TTL values in a round-robin fashion. Double-fluxing is an evolution of the single-flux technique; it fluxes both the IP addresses of the associated fully qualified domain names (FQDN) and the IP addresses of the responsible DNS servers (NS records). These DNS servers are then used to translate the FQDNs to their corresponding IP addresses. This technique provides an additional level of protection and redundancy. Domain Generation Algorithms (DGA) are the algorithms used to generate a list of domains for bots to contact their C&C. The large number of possible domain names makes it difficult for law enforcement to shut them down. Torpig and Conficker are famous examples of these botnets.
A significant amount of research focuses on the detection of malicious activities from the network perspective, since the traffic is not anonymized. BotFinder uses the high-level properties of the bot’s network traffic and employs machine learning to identify the key features of C&C communications. DISCLOSURE uses features from NetFlow data (e.g., flow sizes, client access patterns, and temporal behavior) to distinguish C&C channels.
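The two evasion techniques above (single/double flux and DGA) and the NetFlow-style detection work mentioned here both leave traces in passive DNS data a defender already collects. The following is an added example, not code from the post or from the OnionBots paper or the BotFinder/DISCLOSURE systems it cites: it scores constructed resolver observations with illustrative thresholds (all hypothetical) to separate a benign CDN-style round robin from single-flux (many short-TTL A records across scattered prefixes) and double-flux (the NS records rotate with short TTLs too), and it adds a simple entropy-based heuristic for DGA-looking labels.

```python
"""
Added example (not from the original post or the OnionBots paper): a small
passive-DNS analysis that flags the two evasion patterns the text describes.

Assumptions (hypothetical, constructed for illustration):
  * DNS answers are available as (qname, rtype, rdata, ttl) tuples, e.g.
    exported from a resolver's passive-DNS log.
  * Thresholds are illustrative, not tuned on real data.
  * Second-level label extraction ignores multi-part public suffixes (co.uk).
"""
import math
from collections import defaultdict

# Constructed sample of resolver observations (RFC 5737 documentation ranges).
SAMPLE_ANSWERS = [
    # benign CDN: few IPs, one /24, long TTL
    ("cdn.example.org", "A", "203.0.113.10", 3600),
    ("cdn.example.org", "A", "203.0.113.11", 3600),
    ("cdn.example.org", "A", "203.0.113.12", 3600),
    ("cdn.example.org", "NS", "ns1.example.org", 86400),
    # single-flux style: many A records, tiny TTL, scattered /24 prefixes, stable NS
    ("update-portal.example.net", "A", "198.51.100.7", 60),
    ("update-portal.example.net", "A", "192.0.2.45", 60),
    ("update-portal.example.net", "A", "198.51.100.200", 60),
    ("update-portal.example.net", "A", "192.0.2.199", 60),
    ("update-portal.example.net", "A", "203.0.113.77", 60),
    ("update-portal.example.net", "A", "198.51.100.99", 60),
    ("update-portal.example.net", "NS", "ns1.example.net", 86400),
    # double-flux style: the NS records themselves rotate with a short TTL
    ("mirror.example.com", "A", "192.0.2.1", 60),
    ("mirror.example.com", "A", "192.0.2.2", 60),
    ("mirror.example.com", "A", "203.0.113.3", 60),
    ("mirror.example.com", "A", "198.51.100.4", 60),
    ("mirror.example.com", "A", "203.0.113.5", 60),
    ("mirror.example.com", "NS", "ns-a.example.com", 60),
    ("mirror.example.com", "NS", "ns-b.example.com", 60),
    ("mirror.example.com", "NS", "ns-c.example.com", 60),
]


def flux_features(answers):
    """Aggregate per-domain features: distinct A records, /24 prefixes, TTLs, NS set."""
    feats = defaultdict(lambda: {"ips": set(), "prefixes": set(),
                                 "a_ttls": [], "ns": set(), "ns_ttls": []})
    for qname, rtype, rdata, ttl in answers:
        f = feats[qname]
        if rtype == "A":
            f["ips"].add(rdata)
            f["prefixes"].add(".".join(rdata.split(".")[:3]))  # crude /24 key
            f["a_ttls"].append(ttl)
        elif rtype == "NS":
            f["ns"].add(rdata)
            f["ns_ttls"].append(ttl)
    return feats


def classify_flux(answers, min_ips=5, min_prefixes=3, max_ttl=300):
    """Return {domain: 'single-flux' | 'double-flux' | 'benign'} (illustrative thresholds)."""
    verdicts = {}
    for qname, f in flux_features(answers).items():
        short_a_ttl = bool(f["a_ttls"]) and max(f["a_ttls"]) <= max_ttl
        fluxing = (len(f["ips"]) >= min_ips
                   and len(f["prefixes"]) >= min_prefixes
                   and short_a_ttl)
        if not fluxing:
            verdicts[qname] = "benign"
            continue
        # double flux: the authoritative NS set is itself large and short-lived
        short_ns_ttl = bool(f["ns_ttls"]) and max(f["ns_ttls"]) <= max_ttl
        verdicts[qname] = "double-flux" if len(f["ns"]) >= 3 and short_ns_ttl else "single-flux"
    return verdicts


def label_entropy(label):
    """Shannon entropy (bits per character) of a DNS label."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def dga_score(domain, min_len=10, entropy_threshold=3.5, max_vowel_ratio=0.3):
    """Heuristic DGA indicator: a long, high-entropy, vowel-poor second-level label."""
    parts = domain.lower().rstrip(".").split(".")
    sld = parts[-2] if len(parts) >= 2 else parts[0]
    vowel_ratio = sum(ch in "aeiou" for ch in sld) / len(sld)
    ent = label_entropy(sld)
    return {
        "label": sld,
        "entropy": round(ent, 2),
        "vowel_ratio": round(vowel_ratio, 2),
        "dga_like": len(sld) >= min_len and ent >= entropy_threshold
                    and vowel_ratio < max_vowel_ratio,
    }


if __name__ == "__main__":
    for d, v in classify_flux(SAMPLE_ANSWERS).items():
        print(f"{d:28s} {v}")
    for d in ("wikipedia.org", "xq7kzp2vwm9dhr.com"):  # constructed names
        print(dga_score(d))
```

Both heuristics are deliberately simple: CDNs and large mail providers also return many A records, so in practice the prefix-diversity and TTL features are combined with ASN diversity, query volume and the host-side features the paragraph above lists (flow sizes, access patterns, timing) before any domain is blocked. The DGA score likewise only surfaces candidates; dictionary-based DGAs produce readable labels that pass the entropy test.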
The next step in the arms race between attackers and defenders was moving from a centralized scheme to a peer-to-peer C&C. Some of these botnets use an already existing peer-to-peer protocol, while others use customized protocols. For example, earlier versions of Storm used Overnet, and the newer versions use a customized version of Overnet, called Stormnet. Meanwhile other botnets such as Walowdac and Gameover Zeus organize their communication channels in different layers… (OnionBots: Subverting Privacy Infrastructure for Cyber Attacks)