Botnets such as ZeroAccess, TDL4/TDSS and Zeus v3 have shown the way for builders of peer-to-peer botnets, which use peer-to-peer either as the primary means of communication between hackers and bots or as a fallback in case centralized communication is disrupted or permanently terminated. Researchers at Damballa, in fact, are reporting a five-fold increase in the number of malware samples spread via peer-to-peer during the past 12 months. ZeroAccess is likely the biggest offender, a potent malware family with rootkit capabilities that has been folded into a number of exploit kits, including Blackhole, one of the most potent commercial kits available on the underground.
“It’s been put into some toolkits, so it’s spread out among different implementations,” said Damballa senior research scientist John Jerrim. “You don’t have to write your own [botnet]. It’s available to buy and use; it’s big business in terms of building botnets.”