silversurfer
A newly discovered piece of malware uses a peer-to-peer (p2p) network on top of InterPlanetary File System’s (IPFS) p2p network, Anomali’s security researchers report.
Discovered in May 2019 and dubbed IPStorm, the malware is written in the Go (Golang) programming language and targets Windows machines. Once it has infected a system, the malicious program allows its operator to execute arbitrary PowerShell code.
The use of a p2p network for communication ensures not only that the generated traffic blends into the legitimate traffic, but also that the infected machines don’t need to maintain a constant connection to the command and control (C&C) server.
Being connected directly to each other via a p2p network, the machines form a p2p botnet, where commands propagate from one bot to another. A p2p botnet is more difficult to implement, as the attacker needs to ensure bots can communicate with each other at all times, even when behind a NAT, but is more difficult to detect, especially with the increased use of p2p in corporate environments.
The newly discovered botnet leverages IPFS, a p2p filesystem project that aims to decentralize the Internet to improve it. The filesystem can be used to host a broad range of files that can be accessed via a client or public gateways.
The InterPlanetary Storm: New Malware in Wild Using InterPlanetary File System’s (IPFS) p2p network | Anomali
A new malware was found that uses peer-to-peer (p2p) network on top of InterPlanetary File System’s (IPFS) p2p network, and is difficult to spot.
www.anomali.com