Das Suchergebnis hat sich seit Ihrer Suchanfrage verändert. Eventuell werden Dokumente in anderer Reihenfolge angezeigt.
  • Treffer 91 von 2513
Zurück zur Trefferliste

Hiding in Plain Sight - Advances in Malware Covert Communication Channels

  • Steganography, the art of concealing information in different types of medias, is a very old practice. Yet, it only recently started being used by malware operators on a large scale. Malware programmers and operators are increasing their efforts in developing covert communication channels between infected computers and their command and control servers. In addition to steganography, recent examples include hiding communication in inconspicuous network traffic such as DNS queries or HTTP 404 error messages. When used properly, these covert communication channels can bypass many automated detection mechanisms and render malware communication difficult to detect and block. From an attacker's perspective, covert communication channels are a valuable addition because they allow messages to blend in with legitimate traffic and thus significantly lower the chance of being detected even when inspected by a human analyst. This presentation studies recent advances in covert communication channels used by real-world malware. First, we will show how steganography has recently been used in three different malware families (Stegoloader, Vawtrak, and Lurk). We will dive into the implementation details on how steganography is implemented and discuss the strengths and weaknesses of each approach. Furthermore, we will detail and compare the usage of inconspicuous carrier protocols for covert communication channels in malware. Examples will span commodity cybercrime as well as targeted attack malware. The cases that are discussed in this presentation are based on real life incidents. While it is easy to speculate how covert communication channels might be used by malicious actors, documentation of real-world cases is sparse. Yet covert communication channels have arrived in both, the commodity cybercrime and targeted attack world. It is thus vital to understand the status-quo and identify current trends in cybercriminal and targeted attack malware. As such, we believe that it is mandatory to highlight what is currently being used in the wild.

Metadaten exportieren

Weitere Dienste

Teilen auf Twitter Suche bei Google Scholar
Metadaten
Verfasserangaben:Christian Dietrich, Pierre-Marc Bureau
URL:https://www.blackhat.com/docs/eu-15/materials/eu-15-Bureau-Hiding-In-Plain-Sight-Advances-In-Malware-Covert-Communication-Channels-wp.pdf
URL:https://www.blackhat.com/docs/eu-15/materials/eu-15-Bureau-Hiding-In-Plain-Sight-Advances-In-Malware-Covert-Communication-Channels.pdf
Titel des übergeordneten Werkes (Deutsch):Konferenz: Blackhat Europe. 10.-13. November 2015 in Amsterdam
Dokumentart:Konferenzveröffentlichung
Sprache:Englisch
Datum der Veröffentlichung (online):24.12.2018
Datum der Erstveröffentlichung:13.11.2015
Veröffentlichende Institution:Westfälische Hochschule Gelsenkirchen Bocholt Recklinghausen
Datum der Freischaltung:17.01.2019
Fachbereiche / Institute:Institute / Institut für Internetsicherheit
Lizenz (Deutsch):License LogoEs gilt das Urheberrechtsgesetz

$Rev: 13159 $