As the Net Churns: Fast-Flux Botnet Observations

While botnets themselves provide a rich platform for financial gain for the botnet master, the use of infected hosts as webservers can provide an additional botnet use. Botnet herders often use fast-flux DNS techniques to host unwanted or illegal content within a botnet. These techniques change the mapping of domain name to different bots within he botnet with constant shifting, while the bots simply relay content back to a central server. This can give the attackers additional stepping stones to thwart takedown and can obscure their true origins. Alternatively, a fast flux botnet can be shut down if the mothership systems are taken offline. This has proven difficult to achieve in practice because these systems are often located in complicit or hostile networks which do not respond to abuse complaints.