
There are much lighter alternatives though, why would you want to bother with cryptocurrencies when you could just use DHT?

I mean, even just shipping a Tor client embedded in your malware seems like a much better idea.

>just rely on explorers to query your own wallet

This kind of defeats the point; you get exactly 0 censorship resistance like this.

Enlighten me: how can a non-trivially generated address that is only known by the malware be implemented in every single blockchain explorer?

You would have to extract the keys from the malware, you would then have to implement the logic and announce it, and then rely on blockchain explorers actually using that data to block addresses in real time.


I'm not 100% sure I understand what you're saying, but I guess you're asking how this could be censored?

> you would have to extract the keys from the malware

Yeah? That happens all the time. If you're designing mechanisms like this, it's presumably specifically against adversaries which are doing exactly that.

> you would then have to implement the logic and announce it, and then rely on blockchain explorers actually using that data to block addresses in real time.

Someone would only have to do this once and all your bots would be gone.

Usually the whole point of these mechanisms is C&C resilience, and usually that only matters for really big botnets which face co-ordinated attacks.

Any good C&C system for a bigger botnet would seek to eliminate all meaningful external points of failure for C&C. Using a block explorer, or HN comments, does not achieve that.


That's why you have large lists, fallbacks and rolling updates to said fallbacks. It isolates you as the C2 owner from the C2 malware. Once you have that, you can just query from any kind of server and publish it anywhere else; you can have it act as an indirect proxy, not the primary contact point. It's a globally available database for the low, low cost of transaction fees.

But explorers are the easiest, since there are so many of them, and so many of them do not give two shits about blacklisting addresses.


And what do you gain from all this extra complexity designed to compensate for fundamentally unreliable c&c channels?

You could've just used DHT, or even bundled Tor.


Because a C2 mechanism isn't that useful when you can't even send the packets out to the internet to use it, once the T1s get off their ass and actually do something useful.

> Because a C2 mechanism isn't that useful when you can't even send the packets out to the internet to use it, once the T1s get off their ass and actually do something useful.

There are lots of ways to disguise p2p traffic to make it indistinguishable from common, legitimate software.