Tag: c&c
-
New article: Dissecting the design and vulnerabilities in AZORult C&C panels
AZORult malware has been around in the wild for a couple of years and is very effective at stealing sensitive information from end‑user systems. In a new article for VB, Aditya K Sood looks at the command-and-control (C&C) design of the AZORult malware, discussing his team’s findings related to the C&C design and some security…
-
New paper: LokiBot: dissecting the C&C panel deployments
First advertised as an information stealer and keylogger when it appeared in underground forums in 2015, LokiBot has added various capabilities over the years and has affected many users worldwide. LokiBot C&C panel with CAPTCHA. In a new paper (published today in both HTML and PDF format) researcher Aditya Sood analyses the URL structure of…
-
Spamhaus report shows many botnet controllers look a lot like legitimate servers
Of all the annual security reports and blog posts that look back at the previous year, that of Spamhaus is one I particularly look forward to, as it always comes with good and interesting data. Though The Spamhaus Project is probably best known for its blacklists that are widely used for filtering spam, its researchers…
-
VB2017 preview: Offensive malware analysis: dissecting OSX/FruitFly.B via a custom C&C server
Apart from the odd taxi driver loudly making the claim, the idea that “Macs don’t get malware” has become something of the past. Nevertheless, most security researchers focus on Windows (and increasingly Android) malware, thus making malware that targets macOS still the odd one out. Someone who for years has focused almost exclusively on…
-
VB2016 paper: Debugging and monitoring malware network activities with Haka
Anyone who has ever analysed malware through its network communications will know that this often involves ad-hoc scripts in languages like Python or Perl to decode the traffic. After all, for somewhat understandable reasons, there is no standard C&C protocol for malware. If you regularly find yourself in this situation, you may want to have…
-
VB2016 preview: Debugging and Monitoring Malware Network Activities with Haka
Although some inventive (and often quite impractical) non-network-based ways to remotely control malware have been presented, most botnets use the normal Internet connection of the infected device to send information and receive commands. This inherent weakness in botnets’ infrastructures makes command and control traffic a useful avenue for analysing botnet behaviour. Haka is an open…