…and didn’t want to loose it if my control servers got shut down, I’d let every orphaned zombie randomly connect to hosts in a given IP range, and challenge them to give a preimage of a hardcoded hash. [ detail: add a salt to prevent replay attacks ]. With a sufficiently safe casu quo large range, it also might be helpfull to allow zombies to forward still orphan zombies.
Don’t forget to encrypt the communications. Or else you could have a man in the middle attack on your hands.
I don’t think that allowing zombies to forward other zombies is a good idea. Lose control of one of your zombies, and you lose them all. (the stolen zombie could easily use a man in the middle attack to hijack your zombies).
Also, if fellow black hat hackers also have a large zombie network, it would not be impossible for them to brute force a collision of your hash. The recent MD5 collision attack on ssl certs only requires 200 playstation 3’s. The average botnet has around 10.000 machines.
The idea is that when a zombie is forwarded, it only picks its next host to test. It still verifies the host by the hash challenge.
A MITM attack isn’t that bad. As long as the man in the middle isn’t close to the hosts side, you will only lose a few zombies. Anyways, zombie’s are already vulnerable in the first place.
A hash collision wouldn’t help you in this case. And besides that, there are still unbroken hashes.
(The cell processor is extremely powerfull in crunching numbers for general purposes. But ok, 200 PS 3 are still less than 10,000 machines)
But you would still require the zombie to have hash lists of all the different servers right? I would try to get that out of the zombie code. Why not use public key crypto? Sure a hash is a bit faster, but public key is more secure. (does open up a problem with certs, but it is a smaller problem than the one with hashes).
Of course the whole discussion is moot, as it is way more productive for the zombie creator (zombie master? All zombies gain swampwalk and regenrate) to just get more zombies. Orphaned zombies aren’t that much of a concern. If your c&c servers get shut down, is a sign of bigger problems. I would focus on getting more exploits out there.
You’d only need one hash for all your servers. If one of your servers is compromised, all zombies are anyways. The hashes aren’t the secret anyways. It’s the preimage of the hash that is the secret.
If I use the hash [tex]x \mapsto c ^ x \mod m[/tex] for some [tex]c[/tex] and [tex]m[/tex], then this hash uses the same tough problem as Diffie-Hellman (ie. logarithms are hard in finite fields). If you can break my suggested method, then you can break it if it used Diffie-Hellman. Hashes don’t need to be less secure than asymmetric cryptography. (Oh, note that this isn’t a great hash for collisions are trivially found, thanks to Euler.)
Even more general: create a keypair. Forget the private key. Use the encryption with the private key as a hash function. (With some trivial reduction afterwards)
Anyways, if you break hashes, you also break certificate based security systems ;).
If your C&C servers are compromised, then all your zombies are orphaned. They’re quite productive to reclaim. Infected orphaned zombies with my scheme constitute as easy-exploitable pc’s if you have the secret ;).