P2P worms get their turn

Massive networks of infected computers controlled by attackers worldwide will serve as a powerful engine for the new breed of so-called P2P worm that is currently echoing across cyberspace.

Security experts have predicted over the last several years that botnets of hijacked PCs would pose one of the staunchest challenges faced by the IT community as criminals discovered new ways to use them to deliver attacks.

The rapid takeoff of the so-called Storm worm -- which many researchers have said is more accurately identified as a Trojan threat based on the fact that it uses botnet commands to spread itself instead of doing so independently -- likely represents the beginning of a new wave of activity supported by the captive infrastructure, according to researchers.

The attacks have more recently gained the additional P2P identification for their ability to contact external control servers using private peer-to-peer networks.

The confluence of more sophisticated botnet technologies and a wider audience of customers seeking to capitalize on the compromised computers has created a burgeoning economy that will make the threats harder to stamp out quickly, said Jose Nazario, senior software engineer at network security specialist Arbor Networks.

As malware writers, adware distributors, and fraudsters pool access to botnets and look for new ways to cash in on the systems, large-scale attacks like Storm, which mimics more traditional worm activity with its rapid-rate of propagation via spam, will rise to the top, according to the expert.

"The ease-of-use of the botnet technologies is increasing rapidly because the people building the botnets are reaching out for more customers, and they have to make their systems simpler to use," Nazario said. "They've also figured out ways to sell their botnets for a lot of different purposes, and as we're seeing a flood of botnets on the market, there also appears to be consolidation with several dominant organizations taking over."

Nazario attended an invitation-only conference in Boston last week dubbed HotBots where he said that researchers concluded that larger botnet operators are getting more aggressive as criminal groups with advanced money laundering capabilities are getting involved and fueling the illegal economy.

With spammers and adware vendors getting into the mix for their own purposes, outbreaks like Storm, which has flooded the Web with a massive amount of traffic since April 12 after periodic outbreaks since late 2006, will likely become more frequent.

"Everyone wants to make their money, and you have a lot of new people coming in, and some of these people are better skilled at the fraud end of the business," Nazario said. "Combined with a lot more people using botnets to drive fraudulent advertising revenue and a lot of next-generation spammers tapping into these botnets, there's a lot of greed, and you see the results."

One problem facing researchers in tracking botnet operators is their ability to infiltrate the community without subjecting themselves to potential arrest, a topic that was also hotly discussed at the HotBots event, according to Nazario.

Another challenge remains the international nature of the botnet industry as many of the parties involved hail from Eastern Europe and China.