Last week the FBI took down the Coreflood botnet—a major network of zombie computers that had been used to steal personal information worth hundreds of thousands of dollars. But the bust relied on an important weakness of conventional botnets—that they are controlled by a few central computers. Take down those central machines and you'll disable the whole network of as many as hundreds of thousands of compromised PCs. Researchers warn that this weakness does not exist in botnets that use peer-to-peer communications protocols, whereby messages are passed from machine to machine instead of coming from a central command.
Peer-to-peer botnets could become more common if coordinated attacks on conventional botnets continue. "When they feel that centralized botnets have more of a tendency to be shut down by the authorities, then they will turn to peer-to-peer botnets," says Cliff Zou, a network security researcher at the University of Central Florida.
A botnet is a network of computers that, unknown to their owners, have been compromised by viruses or worms and can be controlled remotely. Spammers and criminal organizations use them to troll for credit card and bank account information.
Some botnets already implemented have used peer-to-peer communications. Computers in such a network keep a list of peers—other computers in the network—and pass information on to them. When the controller wants to issue a command to the botnet, he inserts it into one or more of the peers, and it gradually spreads throughout the network.