Hydras and IPFS: a decentralised playground for malware

  title={Hydras and IPFS: a decentralised playground for malware},
  author={Constantinos Patsakis and Fran Casino},
  journal={International Journal of Information Security},
Modern malware can take various forms and has reached a very high level of sophistication in terms of its penetration, persistence, communication and hiding capabilities. The use of cryptography, and of covert communication channels over public and widely used protocols and services, is becoming a norm. In this work, we start by introducing Resource Identifier Generation Algorithms. These are an extension of a well-known mechanism called domain generation algorithms, which are frequently… 

Encrypted and Covert DNS Queries for Botnets: Challenges and Countermeasures

Exploiting Statistical and Structural Features for the Detection of Domain Generation Algorithms

Challenges in decentralized name management: the case of ENS

This first large-scale measurement study of ENS is presented, and it is found that attackers are abusing the system with thousands of squatting ENS names, a number of scam blockchain addresses and indexing of malicious websites.

Unravelling Ariadne’s Thread: Exploring the Threats of Decentralised DNS

This work presents the emerging threat landscape of blockchain-based DNS and empirically validate the threats with real-world data, and explores a part of the blockchain DNS ecosystem in terms of the browser extensions using such technologies, the chain itself, the domains, and users who have been registered in these platforms.

Ransomware as a Service using Smart Contracts and IPFS

This work demonstrates how distributed ledgers and the InterPlanetary File System can be used to launch a ransomware as a service campaign, and shows that criminals can transact with affiliates and victims without having to reveal their identity.

Decentralization and web3 technologies

Today’s web is structured so that users must trust these companies, so trustless alternatives haven’t already been developed, and technologies and protocols must be developed to enable web users to use the web securely without trusting any other user.

Immutability and Decentralized Storage: An Analysis of Emerging Threats

Blockchain and the most widely used DFS systems are examined and their main challenges and opportunities are discussed, with special regard to their immutability and its impact on their GDPR compliance.

Delegated content erasure in IPFS

EvilModel: Hiding Malware Inside of Neural Network Models

A new method to covertly and evasively deliver malware through a neural network model, which shows that 36.9MB of malware can be embedded in a 178MB-AlexNet model within 1% accuracy loss, and no suspicion is raised by anti-virus engines in VirusTotal, which verifies the feasibility of this method.

An Efficient Blockchain-Based Privacy-Preserving Collaborative Filtering Architecture

Blockchain is used as the backbone of a decentralized RS, managing to equip it with a broad set of features while simultaneously, preserving user's privacy, and introduces a new architecture, based on decentralized locality sensitive hashing classification as well as a set of recommendation methods, according to how data are managed by users.



Malware Coordination using the Blockchain: An Analysis of the Cerber Ransomware

An entirely new principle of domain generation is described, actively deployed in the Cerber ransomware, which finds and coordinates with its owner based on transaction information in the bitcoin blockchain, which allows the malware author to dynamically update the location of the server in realtime.

Still Beheading Hydras: Botnet Takedowns Then and Now

This paper improves an existing takedown analysis system called rza, examines additional botnet takedowns, enhances the risk calculation to use botnet population counts, and performs a postmortem analysis of the recent 3322.org, Citadel, and No-IP takedowns.

Developing a Κ-ary malware using blockchain

This paper summarizes techniques adopted by malicious software to avoid functionalities implemented for viral detection and presents the implementation of new viral techniques that leverage the blockchain network.

ZombieCoin 2.0: managing next-generation botnets using Bitcoin

This paper presents ZombieCoin, a botnet command-and-control (C&C) mechanism that leverages the Bitcoin network that offers considerable advantages over existing C&C techniques, most notably the fact that Bitcoin is designed to resist the very same takedown campaigns and regulatory processes to combat botnets today.

A Comprehensive Measurement Study of Domain Generating Malware

This paper performs a comprehensive measurement study of the DGA landscape by analyzing 43 DGA-based malware families and variants, and presents a taxonomy for DGAs and uses it to characterize and compare the properties of the studied families.

From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware

A new technique to detect randomly generated domains without reversing is presented, finding that most of the DGA-generated domains that a bot queries would result in Non-Existent Domain (NXDomain) responses, and that bots from the same bot-net (with the same DGA algorithm) would generate similar NXDomain traffic.

DGA-Based Botnet Detection Using DNS Traffic

This paper presents a new technique to detect DGAs using DNS NXDomain traffic, and shows that this method is of good effectiveness on detecting algorithmically generated domains used by botnets.

Stegobot: A Covert Social Network Botnet

Analysis of Stegobot's network throughput indicates that stealthy as it is, it is also functionally powerful - capable of channeling fair quantities of sensitive data from its victims to the botmaster at tens of megabytes every month.

Peer-to-Peer Botnets: Overview and Case Study

An overview of peer-to-peer botnets is presented and a case study of a Kademlia-based Trojan is presented, which shows how attackers will move to more resilient architectures in the near future.

Winning with DNS Failures: Strategies for Faster Botnet Detection

This paper applies the XDOMAIN technique to a Tier-1 ISP dataset obtained from South Asia, and a campus DNS trace, and thus validate the methods by detecting Conficker botnet IPs and other anomalies with a false positive rate as low as 0.02%.