DHT & Malware distribution

CAS as a giant world wide Rainbow-Table

Modern malware can take various forms, and has reached a very high level of sophistication in terms of its penetration, persistence, communication and hiding capabilities. The use of cryptography, and of covert communication channels over public and widely used protocols and services, is becoming a norm. In this work, we start by introducing Resource Identifier Generation Algorithms. These are an extension of a well-known mechanism called Domain Generation Algorithms, which are frequently employed by cybercriminals for bot management and communication. Our extension allows, beyond DNS, the use of other protocols. More concretely, we showcase the exploitation of the InterPlanetary file system (IPFS). This is a solution for the “permanent web”, which enjoys a steadily growing community interest and adoption. The IPFS is, in addition, one of the most prominent solutions for blockchain storage. We go beyond the straightforward case of using the IPFS for hosting malicious content, and explore ways in which a botmaster could employ it, to manage her bots, validating our findings experimentally. Finally, we discuss the advantages of our approach for malware authors, its efficacy and highlight its extensibility for other distributed storage services.