P2P botnets much larger than they seemed
Posted by: TimW on 06/01/2013 04:29 PM
Research is finding that botnets like ZeroAccess and Sality control more than one million infected computers using peer-to-peer communications. Zeus, the online banking trojan, has just about 200,000 nodes. The researchers arrived at these figures by sneaking "sensors" into the networks. These P2P botnets are more resistant to targeted operations to shut them down.
A typical botnet uses a central server, which is its weak point: shut down the server and you cripple the botnet. These newer botnets, however, are decentralized peer-to-peer structures like the ones used in file-sharing networks. In this situation, the infected systems network with each other, and each zombie computer has a list of direct communication partners – its peers – which belong to the same botnet.
The good news is that home computers, for example, are almost never included, since it is difficult to get past a NAT router from the outside.
The researchers' findings are based largely on analyses of actual bots; in their paper "P2PWNED: Modeling and Evaluating the Resilience of Peer-to-Peer Botnets", they also present a method for describing P2P botnets with formal models that can then be used to simulate certain operations.
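
The contrast drawn above between a central-server botnet and one built on peer lists can be put into a small graph model that measures how much of the network still hangs together after nodes are taken down. This is an added example, not code from the article or from the P2PWNED paper; the ring-shaped peer layout, the node names and the sizes are assumptions chosen for illustration.

```python
from collections import deque

def star_botnet(n_bots):
    """Centralized layout: every bot knows only the single server 'c2'."""
    graph = {"c2": set()}
    graph.update({f"bot{i}": {"c2"} for i in range(n_bots)})
    return graph

def p2p_botnet(n_bots, peers_per_bot):
    """P2P layout: each bot's peer list names the next few bots on a ring
    (assumed layout; real peer lists are not this regular)."""
    return {
        f"bot{i}": {f"bot{(i + d) % n_bots}" for d in range(1, peers_per_bot + 1)}
        for i in range(n_bots)
    }

def largest_connected_share(graph, removed):
    """Share of surviving nodes in the largest group still able to relay to each other."""
    alive = set(graph) - set(removed)
    if not alive:
        return 0.0
    # A peer-list entry lets two nodes talk, so treat links as undirected.
    links = {node: set() for node in alive}
    for node in alive:
        for peer in graph[node] & alive:
            links[node].add(peer)
            links[peer].add(node)
    seen, best = set(), 0
    for start in alive:
        if start in seen:
            continue
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:  # breadth-first walk of one connected group
            current = queue.popleft()
            size += 1
            for nxt in links[current] - seen:
                seen.add(nxt)
                queue.append(nxt)
        best = max(best, size)
    return best / len(alive)

if __name__ == "__main__":
    star, p2p = star_botnet(100), p2p_botnet(100, 4)
    print("star, server removed:", largest_connected_share(star, {"c2"}))
    ten_bots = {f"bot{i}" for i in range(0, 100, 10)}
    print("p2p, 10 bots removed:", largest_connected_share(p2p, ten_bots))
```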