Tag: command and control
-
New article: Dissecting the design and vulnerabilities in AZORult C&C panels
AZORult malware has been around in the wild for a couple of years and is very effective at stealing sensitive information from end‑user systems. In a new article for VB, Aditya K Sood looks at the command-and-control (C&C) design of the AZORult malware, discussing his team’s findings related to the C&C design and some security…
-
Spamhaus report shows many botnet controllers look a lot like legitimate servers
Of all the annual security reports and blog posts that look back at the previous year, that of Spamhaus is one I particularly look forward to, as it always comes with good and interesting data. Though The Spamhaus Project is probably best known for its blacklists that are widely used for filtering spam, its researchers…
-
Research paper shows it may be possible to distinguish malware traffic using TLS
Researchers at Cisco have published a paper (PDF) describing how it may be possible to use machine learning to distinguish malware command-and-control (C&C) traffic using TLS from regular enterprise traffic, and to classify malware families based on their encrypted C&C traffic. The need for malware to communicate with its operators, so that it…
-
VB2014 preview: Duping the machine – malware strategies, post sandbox detection
James Wyke looks at four different decoy methods. In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we will look at some of the research that will be presented at the event. Today, we look at the paper ‘Duping the machine – malware strategies, post sandbox detection’, from Sophos…
-
Malware spoofing HTTP Host header to hide C&C communication
Traffic appears as requests to Google or Yandex. There have been several recent examples of malware using a spoofed HTTP Host header to hide communication with its control servers. When a web browser sends an HTTP request to a web server, it includes a Host header, containing the host of the site that is requested.…
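The Host header is supplied by the client, so a bot connecting to its real C&C address can send "Host: www.google.com" and a log that only records the Host value will show what looks like a search-engine request. The check a defender wants is therefore not the Host value alone but whether the connection's destination IP belongs to the service the Host header names. The following added example (written for this page, not code from the article or from any of the malware it mentions) extracts the Host header from raw HTTP requests and flags requests whose destination address lies outside the ranges expected for that hostname. The address ranges, hostnames and sample requests are constructed placeholders; in practice the ranges would come from DNS resolution or the provider's published prefix lists.

```python
import ipaddress
import re
from typing import Optional

# Constructed allowlist (assumption for this example): hostnames an organisation
# expects to see in Host headers, mapped to the address ranges those services are
# actually reached at. The networks below are documentation prefixes, not real
# Google or Yandex ranges.
KNOWN_HOST_RANGES = {
    "www.google.com": [ipaddress.ip_network("203.0.113.0/24")],
    "yandex.ru": [ipaddress.ip_network("198.51.100.0/24")],
}

# Header name is case-insensitive; an optional ":port" suffix is discarded.
HOST_RE = re.compile(r"^Host:\s*([^\s:]+)(?::\d+)?\s*$", re.IGNORECASE | re.MULTILINE)


def extract_host(raw_request: bytes) -> Optional[str]:
    """Return the lower-cased Host header value of a raw HTTP/1.x request, or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("ascii", errors="replace")
    m = HOST_RE.search(head)
    return m.group(1).lower() if m else None


def host_matches_destination(host: str, dst_ip: str) -> Optional[bool]:
    """True if dst_ip is inside the ranges expected for host, False if not,
    None if the host is not in the allowlist and cannot be judged."""
    ranges = KNOWN_HOST_RANGES.get(host)
    if ranges is None:
        return None
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in net for net in ranges)


def find_spoofed_hosts(flows):
    """flows: iterable of (dst_ip, raw_request) pairs, e.g. from a proxy or PCAP.
    Returns the (dst_ip, host) pairs whose Host header names a known service
    but whose destination lies outside that service's expected ranges."""
    flagged = []
    for dst_ip, raw in flows:
        host = extract_host(raw)
        if host is None:
            continue
        if host_matches_destination(host, dst_ip) is False:
            flagged.append((dst_ip, host))
    return flagged


# Constructed sample flows: one genuine request to the expected range, two
# requests to unrelated addresses carrying a spoofed Host header, and one to a
# host not on the allowlist (left unjudged).
SAMPLE_FLOWS = [
    ("203.0.113.10", b"GET /search?q=vb HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
    ("192.0.2.77", b"POST /gate.php HTTP/1.1\r\nHost: www.google.com\r\nContent-Length: 0\r\n\r\n"),
    ("192.0.2.78", b"GET /cfg HTTP/1.1\r\nhost: yandex.ru:80\r\n\r\n"),
    ("192.0.2.79", b"GET / HTTP/1.1\r\nHost: example.net\r\n\r\n"),
]

if __name__ == "__main__":
    for dst, host in find_spoofed_hosts(SAMPLE_FLOWS):
        print(f"suspicious: Host '{host}' sent to {dst}, outside expected ranges")
```

The same comparison applies to HTTPS by substituting the TLS SNI value for the Host header; the caveat is that legitimate CDN and proxy deployments also produce Host/destination mismatches, so the allowlist has to be maintained from authoritative prefix data rather than a one-off DNS lookup.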
-
New Zeus/SpyEye botnet does away with command-and-control servers
Increasing use of UDP to avoid communication tracking. Researchers at Symantec have discovered a new parallel build of Zeus (also known as Zbot) and SpyEye that appears to be entirely controlled through peer-to-peer communication. Most botnets are controlled through a number of command-and-control servers, that are used to control the behaviour of the thousands of…