ANONYMOUS AND MALICIOUS

Zombie networks have been used for spamming and DDoS attacks. Worms have been designed to receive commands from their creator and update themselves automatically. But the combination of malware and powerful anonymous communication techniques has not been seen – yet. There is a growing body of research work on anonymous communication schemes, which are developed legitimately to allow people to communicate without fear of identification or retribution. For example, such communication could be used by people living under oppressive regimes. Malware using anonymous communication would be as capable as current malware ‘applications’, but in a form that is extremely difficult to trace. There are other possibilities, too. An anonymous communication network established using malware could be used for exchanging illegal or copyrighted information, as well as illicit communication for organized crime or terrorist organizations. This paper discusses anonymous communication methods and shows how they can be modified for use with malware. To counter this threat, we present new methods to identify the existence of malware using anonymous communication schemes, and counterattack techniques that can be used to identify additional nodes within the anonymity network. The awareness of these threats and their countermeasures can be used to build defences before such threats are seen in the wild.
