2. Decentralized or P2P botnets. In a decentralized botnet, bots connect to several infected machines on a bot network rather than to a command and control center. Commands are transferred from bot to bot: each bot has a list of several 'neighbors', and any command received by a bot from one of its neighbors will be sent on to the others, further distributing it across the zombie network. In this case, a cybercriminal needs to have access to at least one computer on the zombie network to be able to control the entire botnet. In practice, building decentralized botnets is not an easy task, since each newly infected computer needs to be provided with a list of bots to which it will connect on the zombie network. It is much easier to direct a bot to a central server first, where it will receive a list of 'neighbor' bots, and only then switch it to P2P connections. This mixed topology is also categorized as P2P, although at a certain stage the bots will use a C&C. Combating decentralized botnets is a much more difficult task than that of combating centralized networks as an active P2P botnet has no control center.
Classification of botnets according to network protocols
For a botnet owner to be able to send commands to a bot, it is essential that a network connection be established between the zombie machine and the computer transmitting commands to it. All network connections are based on protocols that define rules for the interaction between computers on the network. Therefore, botnets can be classified based on the network protocols used. Botnets can be divided into the following classes when classified according to network protocols:
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.