Thursday, October 1, 2009

Pingie: HTTP:: Botnet Gets Instructions from Image Files

HTTP:: Botnet Gets Instructions from Image Files
--------
Security researchers have discovered that the authors of a botnet send commands to the infected computers under their control through JPEG files. This new technique has the purpose of hiding the malicious traffic from network scanners.

The method was discovered by Jason Milletary, a security researcher with Atlanta-based SecureWorks, while analyzing a botnet known as Monkif or DlKhora. The botnet serves as a delivery channel for further malware.

Malware delivery services are common on the black market and the providers charge a small fee for each computer infected with someone else's malware. The creators of this trojan downloader have a strong interest in keeping its operation under the radar and are therefore employing several detection-evading techniques.

Mr. Milletary notes that in addition to its ability to disable various antivirus and firewall solutions, this botnet client also hides its Internet traffic as a JPEG file transfer. The command and control server "sets the HTTP Content-Type header to 'image/jpeg' and prefaces the bot commands with a fake 32-byte JPEG header," the researcher explains.

Once the malformed JPEG is downloaded to the computer, the bot isolates the header and begins decoding the rest of the response, which is XOR-encoded with a single byte of 0x4. The instruction...
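The detection angle on the technique described above, as an added example that is not code from the article or from SecureWorks: a response that says `image/jpeg` but does not actually parse as a JPEG, and whose bytes after a 32-byte prefix XOR-decode (key 0x04, both values taken from the article) to readable text, is worth flagging. The marker-chain walk is a minimal JPEG structure check, and all sample bodies are constructed here, not captured traffic.

```python
# Added example (not from the article or SecureWorks): heuristic for HTTP
# responses that claim image/jpeg but carry an XOR-obfuscated payload behind
# a fake header, as the article describes for Monkif/DlKhora.
# The two constants come from the article; the sample data is constructed.

FAKE_HEADER_LEN = 32   # size of the fake JPEG header, per the article
XOR_KEY = 0x04         # single-byte XOR key, per the article


def has_valid_jpeg_marker_chain(body, max_segments=64):
    """Walk the JPEG segment chain from SOI (FF D8) until SOS (FF DA).

    Every segment between SOI and SOS starts with an FF marker byte followed
    by a 2-byte big-endian length that counts itself. A fake header made of
    SOI plus filler bytes fails this walk on the first segment.
    """
    if len(body) < 4 or body[:2] != b"\xff\xd8":
        return False
    pos = 2
    for _ in range(max_segments):
        if pos + 4 > len(body) or body[pos] != 0xFF:
            return False
        marker = body[pos + 1]
        if marker == 0xFF:            # fill byte, permitted before a marker
            pos += 1
            continue
        if marker == 0xDA:            # Start of Scan: image data follows
            return True
        if marker == 0xD9:            # End of Image before any scan: not a picture
            return False
        seg_len = int.from_bytes(body[pos + 2:pos + 4], "big")
        if seg_len < 2 or pos + 2 + seg_len > len(body):
            return False
        pos += 2 + seg_len
    return False


def xor_decode(data, key=XOR_KEY):
    """Undo single-byte XOR obfuscation (XOR is its own inverse)."""
    return bytes(b ^ key for b in data)


def printable_ratio(data):
    """Fraction of bytes that are printable ASCII or common whitespace."""
    if not data:
        return 0.0
    ok = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return ok / len(data)


def classify_response(headers, body):
    """Return (verdict, decoded_payload_or_None) for one HTTP response.

    Verdicts: 'not-jpeg' (some other content type), 'jpeg-ok' (structure
    parses as a JPEG), 'suspicious-fake-jpeg' (fails to parse and the bytes
    after the fake header XOR-decode to mostly printable text), and
    'malformed-jpeg' (fails to parse and decodes to nothing readable).
    """
    ctype = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    if not ctype.lower().startswith("image/jpeg"):
        return "not-jpeg", None
    if has_valid_jpeg_marker_chain(body):
        return "jpeg-ok", None
    payload = body[FAKE_HEADER_LEN:]
    decoded = xor_decode(payload)
    if len(payload) >= 8 and printable_ratio(decoded) >= 0.9:
        return "suspicious-fake-jpeg", decoded
    return "malformed-jpeg", None


# --- constructed sample inputs (not captured traffic) ---
SAMPLE_REAL_JPEG = (
    b"\xff\xd8"                                                         # SOI
    + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"  # APP0, length 16
    + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"                       # SOS, length 8
    + b"\x12\x34\x56\x78"                                               # stand-in scan data
    + b"\xff\xd9"                                                       # EOI
)
SAMPLE_COMMAND = b"example placeholder text; not real bot command syntax"
SAMPLE_FAKE_RESPONSE = (
    b"\xff\xd8\xff\xe0" + b"\x00" * 28   # 32-byte fake "JPEG header"
    + xor_decode(SAMPLE_COMMAND)         # XOR with 0x04 obfuscates the text
)

if __name__ == "__main__":
    hdrs = {"Content-Type": "image/jpeg"}
    print(classify_response(hdrs, SAMPLE_REAL_JPEG))
    print(classify_response(hdrs, SAMPLE_FAKE_RESPONSE))
```

The structural walk matters more than the first few bytes: a fake header can begin with the same FF D8 FF signature a real file has, so a check that only looks at the magic number would pass it. A genuine JPEG's scan data is also high-entropy, so it will not XOR-decode to printable text and will not produce a false positive on the second test.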
--------
http://news.softpedia.com/news/Botnet-Gets-Instructions-From-Image-Files-123148.shtml
--------
