John Aycock, Department of Computer Science, University of Calgary
Andreas Hirt, Department of Computer Science, University of Calgary
Zombie networks have been used for spamming and DDoS attacks. Worms have been designed to receive commands from their creator and automatically update themselves. But the combination of malware and powerful anonymous communication techniques has not been seen – yet.
There is a growing body of research on anonymous communication schemes, which are developed legitimately so that people can communicate without fear of identification or retribution. For example, such communication could be used by people living under oppressive regimes.
Malware using anonymous communication would be as capable as current malware ‘applications’, but in a form that is extremely difficult to trace. There are other possibilities, too. An anonymous communication network established using malware could be used for exchanging illegal or copyrighted information, as well as for illicit communication for organized crime or terrorist organizations.
This paper discusses anonymous communication methods and shows how they can be modified for use with malware. To counter this threat, we present new methods to identify the existence of malware using anonymous communication schemes, and anonymity attack techniques that can be used to identify additional nodes within the anonymity network. Awareness of these threats and their countermeasures can be used to build defences before such threats are seen in the wild.