The peer-to-peer(P2P) protocol provides a decentralized command and control technique. A decentralized network allows botnet clients to relay commands to other bots and removes the need of a master server.

Botnet masters stand to lose access to thousands or millions of infected computers if their control servers are shut down, so they’re looking into decentralized P2P communications, where botnet clients can relay commands to one another, as a resilience technique along with other methods like the use of domain name generation algorithms (DGAs), he said.

Another benefit for attackers is that malicious P2P traffic is hard to detect and block at the network level by using traditional approaches that rely on lists of known IP addresses and hosts associated with C&C servers.

Malware/Threat actors

Preventions

<Mitigation techniques>

Detections

<Detection techniques>

Toolkit

<Toolkit instructions, if applicable>

Similar techniques

References