Botract: abusing smart contracts and blockchain for botnet command and control. (24th February 2022)
- Record Type:
- Journal Article
- Title:
- Botract: abusing smart contracts and blockchain for botnet command and control. (24th February 2022)
- Main Title:
- Botract: abusing smart contracts and blockchain for botnet command and control
- Authors:
- Alibrahim, Omar
- Malaika, Majid
- Abstract:
- This paper presents how smart contracts and blockchains can potentially be abused to create seemingly unassailable botnets. This involves publishing command and control (C2) logic in the form of smart contracts to the blockchain and then calling the functions of the smart contract for sending and receiving commands and keeping track of the state of bots. We call this technique Botract, derived by merging two words: bot and contract. In addition to describing how hackers can exploit smart contracts for C2, we also explain why it is difficult to disarm Botract, given the distributed nature of the blockchain and the persistent nature of smart contracts deployed on top of them. We then describe the architecture for deploying blockchain-based botnets and implement a proof-of-concept using isolated testnet environments. Our goal is to prove the feasibility of our approach, which we hope will create awareness among the community on the importance of auditing smart contracts on the blockchain and defending against these botnets before they become widespread.
- Is Part Of:
- International journal of information and computer security. Volume 17:Number 1/2(2022)
- Journal:
- International journal of information and computer security
- Issue:
- Volume 17:Number 1/2(2022)
- Issue Display:
- Volume 17, Issue 1/2 (2022)
- Year:
- 2022
- Volume:
- 17
- Issue:
- 1/2
- Issue Sort Value:
- 2022-0017-NaN-0000
- Page Start:
- 147
- Page End:
- 163
- Publication Date:
- 2022-02-24
- Subjects:
- smart contract -- blockchain -- security -- botnets -- Ethereum
- Computer security -- Periodicals
- Information systems management -- Security measures -- Periodicals
- Computer networks -- Security measures -- Periodicals
- Information technology -- Security measures -- Periodicals
- 005.805
- Journal URLs:
- http://www.inderscience.com/browse/index.php?journalCODE=ijics
- http://www.inderscience.com/
- Languages:
- English
- ISSNs:
- 1744-1765
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
- British Library STI - ELD Digital store
- Ingest File:
- 20608.xml