The Command and Control (C&C) channel of modern botnets is migrating from traditional centralized solutions (such as those based on Internet Relay Chat and Hypertext Transfer Protocol) towards new decentralized approaches. Recent C&C channels, for instance, use peer-to-peer networks or exploit popular Online Social Networks (OSNs) to hide their traffic and avoid blacklisting mechanisms. The reason underlying this paradigm shift is that current detection systems have become effective at detecting centralized C&C.
This paper describes ELISA (Elusive Social Army), a botnet that conceals C&C information using the OSN accounts of unaware users, together with a prototype implementation. ELISA opportunistically exploits the messages that users exchange through the OSN. Several popular social networks can be abused to run this type of botnet, and the purpose of the paper is to discuss why current traffic analysis systems cannot detect ELISA.
There is no real evidence of botnets similar to the prototype described in the article “Boten ELISA: A Novel Approach for Botnet C&C in Online Social Networks”, but trying to identify potential new types of botnets in advance may help to prevent their possible future implementation.