Thorsten Holz writes about "Measuring and Detecting Fast-Flux Service Networks" on the Honeyblog, a weblog that covers IT security topics, honeypots/honeynets, malware and bots/botnets. The findings of a lab project on fast-flux service networks (FFSNs), a mechanism attackers use to build an overlay network on top of compromised machines, were published in a paper at NDSS'08.
The paper presents the first empirical study of FFSNs, a newly emerging and still not widely known phenomenon on the Internet. "Through [their] measurements [they] show that the threat which FFSNs pose is significant: FFSNs occur on a worldwide scale and already host a substantial percentage of online scams. Based on analysis of the principles of FFSNs, [they] developed a metric with which FFSNs can be effectively detected." The paper also discusses possible mitigation strategies.
Read the full paper here.
More about the paper on Honeyblog.