Why are cryptographically signed botnet orders rarely (if ever) seen in practice?

V

van_truffel2014-07-08 18:32:09

Malware

van_truffel, 2014-07-08 18:32:09

Good day to all.
Reading the news feed, I am surprised at this: how and why, with the ability to write software that bypasses RBS protection and all sorts of anti-garbage, malware developers never used cryptographic signatures in their creations. It's so easy to build it in. Almost every botnet (P2P or C&C) has been shut down either by introducing fake nodes into the network or by confiscating servers and domains. On the other hand, if there were cryptographic signatures, the keys of which would be stored only on the computer of the bot master, then of course it would be sad. Imagine the Internet if all botnets from 2006 were active to this day.
What is the reason for such a phenomenon?
Methods and algorithms did not appear yesterday.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

P

pi314, 2014-07-08
@van_truffel

Introduction of a Single Key Pair a. increases the complexity of the system, b. increases the load (on encryption) and therefore the risk of detection and at the same time c. does not bring any profit in the sense of protection from these methods of struggle. The introduction of unique key pairs for each client increases the complexity of infection (because keys must be generated for each client). And finally, any of these methods in the case of the indicated confiscation of servers provides direct evidence :)

P

Puma Thailand, 2014-07-09
@opium

It makes no sense, it is not financially profitable.
The botnet does not improve in any way, it carries an extra load and programming.
It does not protect against the fact that the servers are confiscated.