{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T18:39:00Z","timestamp":1771699140818,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":52,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642142147","type":"print"},{"value":"9783642142154","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-14215-4_5","type":"book-chapter","created":{"date-parts":[[2010,7,2]],"date-time":"2010-07-02T01:18:35Z","timestamp":1278033515000},"page":"81-100","source":"Crossref","is-referenced-by-count":16,"title":["Take a Deep Breath: A Stealthy, Resilient and Cost-Effective Botnet Using Skype"],"prefix":"10.1007","author":[{"given":"Antonio","family":"Nappa","sequence":"first","affiliation":[]},{"given":"Aristide","family":"Fattori","sequence":"additional","affiliation":[]},{"given":"Marco","family":"Balduzzi","sequence":"additional","affiliation":[]},{"given":"Matteo","family":"Dell\u2019Amico","sequence":"additional","affiliation":[]},{"given":"Lorenzo","family":"Cavallaro","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"5_CR1","unstructured":"Adnkronos International. Italy: Govt probes suspected mafia use of Skype (February 2009), http:\/\/www.adnkronos.com\/AKI\/English\/Security\/?id=3.0.3031811578"},{"key":"5_CR2","unstructured":"Anderson, N.: Is Skype a haven for criminals? (February 2006), http:\/\/arstechnica.com\/old\/content\/2006\/02\/6206.ars"},{"key":"5_CR3","unstructured":"Baset, S., Schulzrinne, H.: An analysis of the Skype peer-to-peer internet telephony protocol. In: CoRR (2004)"},{"key":"5_CR4","unstructured":"BBC. Italy police warn of Skype threat (February 2009), http:\/\/news.bbc.co.uk\/2\/hi\/europe\/7890443.stm"},{"key":"5_CR5","unstructured":"Binkley, J.R.: An algorithm for anomaly-based botnet detection. In: SRUTI 2006 (2006)"},{"key":"5_CR6","unstructured":"Biondi, P., Desclaux, F.: Silver Needle in the Skype (March 2006)"},{"key":"5_CR7","unstructured":"Blancher, C.: Fire in the Skype\u2013Skype powered botnets (October 2006), http:\/\/sid.rstack.org\/pres\/0606_Recon_Skype_Botnet.pdf"},{"key":"5_CR8","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9780511814068","volume-title":"Random Graphs","author":"B. Bollob\u00e1s","year":"2001","unstructured":"Bollob\u00e1s, B.: Random Graphs. Cambridge University Press, Cambridge (January 2001)"},{"key":"5_CR9","unstructured":"Cavallaro, L., Kruegel, C., Vigna, G.: Mining the network behavior of bots. Tech. Rep. 2009-12, Department of Computer Science, University of California at Santa Barbara (UCSB), CA, USA (July 2009)"},{"key":"5_CR10","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy, Oakland 2005 (2005)","DOI":"10.1109\/SP.2005.20"},{"key":"5_CR11","doi-asserted-by":"crossref","unstructured":"Ciaccio, G.: Improving sender anonymity in a structured overlay with imprecise routing. LNCS. Springer, Heidelberg (2006)","DOI":"10.1007\/11957454_11"},{"key":"5_CR12","unstructured":"CNET News. Hacking for dollars (July 2005), http:\/\/news.cnet.com\/Hacking-for-dollars\/2100-7349_3-5772238.html"},{"key":"5_CR13","unstructured":"CNET News. Skype could provide botnet controls (January 2006), http:\/\/news.cnet.com\/2100-7349_3-6031306.html"},{"key":"5_CR14","unstructured":"Cooke, E., Jahanian, F., McPherson, D.: The zombie roundup: understanding, detecting, and disrupting botnets. In: SRUTI 2005: Proceedings of the Workshop on Steps to Reducing Unwanted Traffic on the Internet (2005)"},{"key":"5_CR15","unstructured":"Danchev, D.: Skype to control botnets?! (January 2006), http:\/\/ddanchev.blogspot.com\/2006\/01\/skype-to-control-botnets.html"},{"key":"5_CR16","doi-asserted-by":"crossref","unstructured":"Dell\u2019Amico, M.: Mapping small worlds. In: IEEE P2P 2007 (2007)","DOI":"10.1109\/P2P.2007.29"},{"key":"5_CR17","unstructured":"Desclaux, F., Kortchinsky, K.: Vanilla Skype part 2 (June 2006)"},{"key":"5_CR18","unstructured":"Ebay. Ebay, Paypak, Skype 2009, Q1 financial report (2009), http:\/\/ebayinkblog.com\/wp-content\/uploads\/2009\/04\/ebay-q1-09-earnings-release.pdf"},{"key":"5_CR19","unstructured":"Egele, M., Kruegel, C., Kirda, E., Yin, H.: Dynamic Spyware Analysis. In: Proceedings of the 2007 Usenix Annual Conference, Usenix 2007 (2007)"},{"key":"5_CR20","unstructured":"Franklin, J., Paxson, V., Perrig, A., Savage, S.: An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants. In: CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security (2007)"},{"key":"5_CR21","doi-asserted-by":"crossref","unstructured":"Freiling, F.C., Holz, T., Wicherski, G.: Botnet tracking: Exploring a root-cause methodology to prevent distributed denial-of-service attacks. In: Proceedings of 10 th European Symposium on Research in Computer Security, ESORICS (2005)","DOI":"10.1007\/11555827_19"},{"key":"5_CR22","unstructured":"Gnutella Development Forum. Gnutella protocol specification, http:\/\/wiki.limewire.org\/index.php?title=GDF"},{"key":"5_CR23","unstructured":"Goebel, J., Holz, T.: Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation. In: HotBots 2007: Proceedings of the First Workshop on Hot Topics in Understanding Botnets (2007)"},{"key":"5_CR24","unstructured":"Gu, G., Perdisci, R., Zhang, J., Lee, W.: BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection. In: Proceedings of the 17th USENIX Security Symposium (2008)"},{"key":"5_CR25","unstructured":"Gu, G., Porras, P., Yegneswaran, V., Fong, M., Lee, W.: BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. In: Proceedings of the 16th USENIX Security Symposium (2007)"},{"key":"5_CR26","unstructured":"Gu, G., Zhang, J., Lee, W.: BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic. In: Proceedings of the 15th Annual Network and Distributed System Security Symposium, NDSS 2008 (2008)"},{"key":"5_CR27","unstructured":"Gutmann, P.: The Commercial Malware Industry. In: Proceedings of the DEFCON conference (2007)"},{"key":"5_CR28","doi-asserted-by":"crossref","unstructured":"He, Q., Ammar, M.: Congestion control and message loss in Gnutella networks. In: Proceedings of SPIE (2003)","DOI":"10.1117\/12.538800"},{"key":"5_CR29","unstructured":"Holz, T., Steiner, M., Dahl, F., Biersack, E., Freiling, F.: Measurements and Mitigation of Peer-to-Peer-based Botnets:A Case study on Storm Worm. In: USENIX Workshop on Large Scale Exploits and Emerging Threats (2008)"},{"key":"5_CR30","unstructured":"IT World: Making a PBX \u2019botnet\u2019 out of Skype or Google Voice? (April 2009), http:\/\/www.itworld.com\/internet\/66280\/making-pbx-botnet-out-skype-or-google-voice"},{"key":"5_CR31","unstructured":"Karasaridis, A., Rexroad, B., Hoeflin, D.: Wide-scale Botnet Detection and Characterization. In: HotBots 2007: Proceedings of the First Workshop on Hot Topics in Understanding Botnets (2007)"},{"key":"5_CR32","unstructured":"Lanzi, A., Sharif, M., Lee, W.: K-Tracer: A System for Extracting Kernel Malware Behavior. In: The 16th Annual Network and Distributed System Security Symposium, NDSS 2009 (2009)"},{"key":"5_CR33","unstructured":"Leiden, J.: Anti-mafia cops want Skype tapping (Feburary 2009), http:\/\/www.theregister.co.uk\/2009\/02\/24\/eurojust_voip_wiretap_probe\/"},{"key":"5_CR34","unstructured":"Martignoni, L., Paleari, R.: WUSSTrace - a user-space syscall tracer for Microsoft Windows, http:\/\/security.dico.unimi.it\/projects.shtml"},{"key":"5_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1007\/978-3-540-87403-4_5","volume-title":"Recent Advances in Intrusion Detection","author":"L. Martignoni","year":"2008","unstructured":"Martignoni, L., Stinson, E., Fredrikson, M., Jha, S., Mitchell, J.C.: A Layered Architecture for Detecting Malicious Behaviors. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol.\u00a05230, pp. 78\u201397. Springer, Heidelberg (2008)"},{"key":"5_CR36","unstructured":"Microsoft. MSDN Library on developing Windows User Interfaces, http:\/\/msdn.microsoft.com\/en-us\/library\/ms632587.VS.85.aspx"},{"key":"5_CR37","series-title":"Lecture Notes in Computer Science","volume-title":"FLuXOR: Detecting and Monitoring Fast-Flux Service Networks","author":"E. Passerini","year":"2008","unstructured":"Passerini, E., Paleari, R., Martignoni, L., Bruschi, D.: FLuXOR: Detecting and Monitoring Fast-Flux Service Networks. LNCS. Springer, Heidelberg (2008)"},{"key":"5_CR38","unstructured":"Pissny, B.: HotSanic, HTML overview to System and Network Information Center (July 2004), http:\/\/hotsanic.sourceforge.net"},{"key":"5_CR39","doi-asserted-by":"crossref","unstructured":"Rajab, M.A., Zarfoss, J., Monrose, F., Terzis, A.: A Multifaceted Approach to Understanding the Botnet Phenomenon. In: IMC 2006: Proceedings of the 6th ACM SIGCOMM on Internet measurement (2006)","DOI":"10.1145\/1177080.1177086"},{"key":"5_CR40","doi-asserted-by":"crossref","unstructured":"Sandberg, O.: Distributed routing in small-world networks. In: ALENEX 2006 (2006)","DOI":"10.1137\/1.9781611972863.14"},{"key":"5_CR41","unstructured":"Schneier, B.: Bavarian government wants to intercept Skype calls, http:\/\/www.schneier.com\/blog\/archives\/2008\/02\/bavarian_govern.html"},{"key":"5_CR42","unstructured":"Sissel, J.: xdotool, http:\/\/www.semicomplete.com\/projects\/xdotool\/"},{"key":"5_CR43","doi-asserted-by":"crossref","unstructured":"Starnberger, G., Kruegel, C., Kirda, E.: Overbot - A botnet protocol based on Kademlia. In: Proceedings of the International on Security and Privacy in Communication Networks, SecureComm., Istambul, Turkey (2008)","DOI":"10.1145\/1460877.1460894"},{"key":"5_CR44","doi-asserted-by":"crossref","unstructured":"Stock, B., Goebel, J., Engelberth, M., Freiling, F., Holz, T.: Walowdac - Analysis of a Peer-to-Peer Botnet. In: European Conference on Computer Network Defense (EC2ND) (November 2009)","DOI":"10.1109\/EC2ND.2009.10"},{"key":"5_CR45","doi-asserted-by":"crossref","unstructured":"Stone-Gross, B., Cova, M., Cavallaro, L., Gilbert, B., Szydlowski, M., Kemmerer, R., Kruegel, C., Vigna, G.: Your Botnet is My Botnet: Analysis of a Botnet Takeover. In: Proceedings of the 16th ACM conference on Computer and Communications Security, CCS 2009 (2009)","DOI":"10.1145\/1653662.1653738"},{"key":"5_CR46","doi-asserted-by":"crossref","unstructured":"Strayer, W.T., Walsh, R., Livadas, C., Lapsley, D.: Detecting botnets with tight command and control. In: Proceedings of the 31st IEEE Conference on Local Computer Networks (2006)","DOI":"10.1109\/LCN.2006.322100"},{"key":"5_CR47","unstructured":"TechWorld. Cambridge prof. warns of Skype botnet threat. VoIP traffic can cover a multitude of sins (January 2006), http:\/\/news.techworld.com\/security\/5232\/cambridge-prof-warns-of-skype-botnet-threat\/"},{"key":"5_CR48","unstructured":"TechWorld. How bad is the Skype botnet threat? Skype\u2019s sneakiness leads to a security risk (January 2006), http:\/\/features.techworld.com\/security\/2199\/how-bad-is-the-skype-botnet-threat\/"},{"key":"5_CR49","unstructured":"EU Forward. Forward: Managing Emerging Threats in ICT Infrastructures (2008), http:\/\/www.ict-forward.eu"},{"key":"5_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/978-3-642-04444-1_15","volume-title":"Computer Security \u2013 ESORICS 2009","author":"P. Wurzinger","year":"2009","unstructured":"Wurzinger, P., Bilge, L., Holz, T., Goebel, J., Kruegel, C., Kirda, E.: Automatically Generating Models for Botnet Detection. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol.\u00a05789, pp. 232\u2013249. Springer, Heidelberg (2009)"},{"key":"5_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/978-3-540-70542-0_11","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"T.-F. Yen","year":"2008","unstructured":"Yen, T.-F., Reiter, M.K.: Traffic Aggregation for Malware Detection. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol.\u00a05137, pp. 207\u2013227. Springer, Heidelberg (2008)"},{"key":"5_CR52","doi-asserted-by":"crossref","unstructured":"Yin, H., Song, D., Egele, D.M., Kruegel, C., Kirda, E.: Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis. In: CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security (2007)","DOI":"10.1145\/1315245.1315261"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-14215-4_5.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,23]],"date-time":"2020-11-23T21:49:18Z","timestamp":1606168158000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-14215-4_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642142147","9783642142154"],"references-count":52,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-14215-4_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010]]}}}