Defending against botnets has always been a cat-and-mouse game. Cyber-security researchers and government agencies play the role of the cat, attempting to detect and take down botnets. In this context, a lot of work has gone into reverse engineering certain variants of malware families and into understanding the network protocols of botnets to identify their weaknesses (if any) and exploit them. While this is necessary, such an approach lets botmasters quickly counteract the defenders by simply making small changes to their arsenals.
CROSSING researchers at the Telecooperation Lab attempt a different approach: they take the role of the botmaster themselves, to eventually anticipate his behavior. In their presentation “I Trust My Zombies: A Trust-Enabled Botnet”, they present a novel computational trust mechanism for fully distributed botnets that allows resilient and stealthy management of the infected machines (zombies). The presentation will take place during Black Hat Europe in London (December 4-7, 2017).