Malware Forensics

Description
Malware forensics has become increasingly important as the cybercrime community causes damage to retail, technology and financial institutions. Cybercrime can endanger governmental and private organizations alike, and
Transcript
Malware Forensics

Trends in Malware Evolution
• Botnets:
• Distributed management (C&C servers and anti-network-forensics techniques, such as randomized and encrypted packets that make traffic filtering difficult).
• Full-featured control (remote access trojans (RATs), designed to facilitate remote control of individual compromised endpoints).
• Sophisticated endpoint control with automated propagation techniques, automated self-update mechanisms, and multilayer, hierarchical, and/or peer-to-peer C&C channels.
• Also uses legitimate enterprise network services, including internal DNS, web, email, and software update mechanisms.

Encryption and Obfuscation
• IDS/antivirus evasion:
• The attacker chops up a string from a session and splits it across multiple packets to foil NIDS/NIPS pattern matching.
• Fragmentation attacks split individual packets into much smaller packets.
• The NIDS/NIPS must reassemble the packet fragments to analyze them properly, which consumes significant resources.
• Web obfuscation/encryption:
• Leverages obfuscation techniques to embed malicious code (e.g., JavaScript) in web pages.

Encryption and Obfuscation
• Hiding C&C channels / maintaining control:
• Hidden and encrypted Internet Relay Chat (IRC)
• Peer-to-peer C&C
• Pool IPs
• Blind redirection
• Fast-flux DNS
• DGA domains
• Tor-based C&C

Gameover Zeus
• The protocol used by Gameover Zeus includes mechanisms for exchanging binary and configuration updates, requesting peer lists, and requesting the IP address of special members of the botnet referred to as "proxy bots".
• Each infected host uses a unique UDP port for communication, from the range 10,000 to 30,000 or between 1024 and 10,000.
• The host infected with Gameover Zeus has an IP address of 192.168.1.1. Since the infected host sends UDP packets to a number of peers at IP address 10.1.1.1.
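The evasion bullets above describe a string being split across several packets so that per-packet pattern matching never sees it whole, and the reassembly cost this imposes on a NIDS/NIPS. The following Python script is an added example, not code from the original slides: it compares a naive per-packet matcher with one that reassembles the TCP stream first. The signature, the segments and their sequence numbers are constructed sample data, and the matching and reassembly logic is a simplified illustration rather than any particular sensor's implementation.

```python
"""Signature matching per packet versus after stream reassembly.

Added example, not part of the original slides. It shows why a NIDS that
matches a signature packet-by-packet misses a string that has been split
across several TCP segments, and how putting the segments back in sequence
order before matching restores the detection. The signature, the segments and
the sequence numbers are constructed sample data, not a real capture.
"""
from dataclasses import dataclass

# Constructed marker the sensor is looking for (hypothetical, not a real IoC).
SIGNATURE = b"BOT-CHECKIN"


@dataclass(frozen=True)
class Segment:
    seq: int        # relative TCP sequence number of the first payload byte
    payload: bytes


# One request whose marker is chopped across three segments. They arrive out
# of order and one segment is retransmitted, as a sensor would actually see.
SEG_A = Segment(seq=0, payload=b"GET /g HTTP/1.1\r\nX-Tag: BOT-")   # 28 bytes
SEG_B = Segment(seq=28, payload=b"CHE")                             # 3 bytes
SEG_C = Segment(seq=31, payload=b"CKIN\r\n\r\n")                    # 8 bytes
SAMPLE_SEGMENTS = [SEG_A, SEG_C, SEG_B, SEG_B]   # constructed arrival order


def match_per_packet(segments, signature=SIGNATURE):
    """Naive sensor: inspects each payload on its own."""
    return any(signature in seg.payload for seg in segments)


def reassemble(segments):
    """Rebuild the byte stream in sequence order.

    Duplicate or overlapping bytes are dropped (first arrival wins). A hole in
    the sequence space stops reassembly, and the stream is reported incomplete
    so the caller can treat it as "not yet inspectable" rather than clean.
    """
    buf = bytearray()
    for seg in sorted(segments, key=lambda s: s.seq):
        if seg.seq > len(buf):            # gap: a segment is still missing
            return bytes(buf), False
        buf += seg.payload[len(buf) - seg.seq:]   # append only unseen bytes
    return bytes(buf), True


def match_reassembled(segments, signature=SIGNATURE):
    """Stream-aware sensor: matches only after reassembly."""
    stream, complete = reassemble(segments)
    return complete and signature in stream


if __name__ == "__main__":
    print("per-packet match:  ", match_per_packet(SAMPLE_SEGMENTS))    # False
    print("reassembled match: ", match_reassembled(SAMPLE_SEGMENTS))   # True
    print("with SEG_B missing:", match_reassembled([SEG_A, SEG_C]))   # False
```

Two points a practitioner should take from this. First, reassembly needs per-connection buffering, which is exactly the resource cost the slide mentions, so sensors bound how much they hold per flow. Second, the "first arrival wins" overlap policy used here is a choice: TCP stacks differ in which copy of overlapping bytes they keep, and a sensor whose policy differs from the destination host's can be made to see a different stream than the host does, which is why production sensors model the target's reassembly behaviour.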
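The Gameover Zeus slide notes that each infected host communicates over UDP from a single fixed port in the 1024-30000 band to many other peers. The following Python script is an added example, not code from the original slides, and turns that one observation into a coarse triage heuristic over flow records: for each (source host, UDP source port) pair it counts the distinct peers contacted on in-band ports and flags hosts whose fan-out from one port reaches a threshold. The record layout, the threshold, and all addresses other than 192.168.1.1 and 10.1.1.1 from the slide are assumptions made for the example.

```python
"""Flow-level triage for peer-to-peer C&C fan-out.

Added example, not part of the original slides. The slides note that each
Gameover Zeus peer talks UDP from one fixed port in the 1024-30000 band to
other peers. This script turns that single observation into a coarse triage
heuristic over constructed flow records: for every (source host, UDP source
port) pair it counts distinct peers contacted on ports in the same band and
flags hosts whose fan-out from one port meets a threshold. The record layout,
the addresses other than those on the slides, and the threshold are assumptions.
"""
from collections import defaultdict

LOW_PORT, HIGH_PORT = 1024, 30000   # port band taken from the slides
FANOUT_THRESHOLD = 5                # constructed tuning value, not a published indicator

# Constructed flow records: "timestamp src sport dst dport proto".
SAMPLE_FLOWS = """\
2014-05-30T10:00:01 192.168.1.1 24891 10.1.1.1 19447 UDP
2014-05-30T10:00:02 192.168.1.1 24891 10.1.1.2 7733 UDP
2014-05-30T10:00:03 192.168.1.1 24891 10.1.1.3 28100 UDP
2014-05-30T10:00:04 192.168.1.1 24891 10.1.1.4 4520 UDP
2014-05-30T10:00:05 192.168.1.1 24891 10.1.1.5 16011 UDP
2014-05-30T10:00:06 192.168.1.1 24891 10.1.1.1 19447 UDP
2014-05-30T10:00:07 192.168.1.1 24891 10.1.1.6 9090 UDP
2014-05-30T10:00:08 192.168.1.7 51234 8.8.8.8 53 UDP
2014-05-30T10:00:09 192.168.1.7 51234 8.8.4.4 53 UDP
2014-05-30T10:00:10 192.168.1.7 20002 10.1.1.1 19447 UDP
2014-05-30T10:00:11 192.168.1.9 33001 198.51.100.10 443 TCP
"""


def parse_flow(line):
    """Parse one record into a dict; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, sport, dst, dport, proto = parts
    try:
        return {"ts": ts, "src": src, "sport": int(sport),
                "dst": dst, "dport": int(dport), "proto": proto.upper()}
    except ValueError:
        return None


def in_band(port):
    return LOW_PORT <= port <= HIGH_PORT


def peer_fanout(lines):
    """Map (src, sport) -> set of distinct peers reached over in-band UDP."""
    peers = defaultdict(set)
    for line in lines:
        f = parse_flow(line)
        if f is None or f["proto"] != "UDP":
            continue
        if in_band(f["sport"]) and in_band(f["dport"]):
            peers[(f["src"], f["sport"])].add(f["dst"])
    return peers


def flag_hosts(lines, threshold=FANOUT_THRESHOLD):
    """Return {src: (sport, peer_count)} for hosts whose fan-out from one
    fixed UDP port reaches the threshold; repeated flows to the same peer
    count once, and the busiest port per host is reported."""
    flagged = {}
    for (src, sport), dsts in peer_fanout(lines).items():
        if len(dsts) >= threshold and len(dsts) > flagged.get(src, (0, 0))[1]:
            flagged[src] = (sport, len(dsts))
    return flagged


if __name__ == "__main__":
    for host, (port, n) in flag_hosts(SAMPLE_FLOWS.splitlines()).items():
        print(f"{host}: {n} distinct peers from UDP/{port}")   # 192.168.1.1: 6 distinct peers from UDP/24891
```

In the constructed records only 192.168.1.1 is flagged: its six distinct peers are all reached from UDP/24891, while 192.168.1.7's DNS lookups fall outside the port band and its single in-band peer stays under the threshold. The heuristic keys on the stable per-host port the slide describes, which is what makes grouping by source port useful, but it will also fire on legitimate peer-to-peer software, VoIP and games, so treat a hit as a triage lead to corroborate with payload inspection and host forensics rather than as a signature.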