Open Access ePrints

ZombieCoin 2.0: managing next-generation botnets using Bitcoin

NU author(s): Dr Taha Ali, Patrick McCorry, Dr Peter Lee, Professor Feng Hao

Licence

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0).


Abstract

© 2017 Springer-Verlag Berlin Heidelberg.

Botnets are the preeminent source of online crime and arguably one of the greatest threats to the Internet infrastructure. In this paper, we present ZombieCoin, a botnet command-and-control (C&C) mechanism that leverages the Bitcoin network. ZombieCoin offers considerable advantages over existing C&C techniques, most notably the fact that Bitcoin is designed to resist the very same takedown campaigns and regulatory processes that are the most often-used methods to combat botnets today. Furthermore, we describe how the Bitcoin network enables novel C&C techniques, which dramatically expand the scope of this threat, including the possibilities of flexible rendezvous scheduling, efficient botnet partitioning, and fine-grained control over bots. We validate our claims by implementing ZombieCoin bots which we then deploy and successfully control over the Bitcoin network. Our findings lead us to believe that Bitcoin-based C&C mechanisms are a highly desirable option that botmasters will pursue in the near future. We hope our study provides a useful first step towards devising effective countermeasures for this threat.


Publication metadata

Author(s): Ali ST, McCorry P, Lee PH-J, Hao F

Publication type: Article

Publication status: Published

Journal: International Journal of Information Security

Year: 2018

Volume: 17

Issue: 4

Pages: 411-422

Print publication date: 01/08/2018

Online publication date: 01/06/2017

Acceptance date: 02/04/2016

Date deposited: 22/08/2017

ISSN (print): 1615-5262

ISSN (electronic): 1615-5270

Publisher: Springer Verlag

URL: https://doi.org/10.1007/s10207-017-0379-8

DOI: 10.1007/s10207-017-0379-8

