nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

Detection in the Dark – Exploiting XSS Vulnerability in C&C Panels to Detect Malwares

verfasst von : Shay Nachum, Assaf Schuster, Opher Etzion

Erschienen in: Cyber Security Cryptography and Machine Learning

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Numerous defense techniques exist for preventing and detecting malware on end stations and servers (endpoints). Although these techniques are widely deployed on enterprise networks, many types of malware manage to stay under the radar, executing their malicious actions time and again. Therefore, a more creative and effective solution is necessary, especially as classic threat detection techniques do not utilize all stages of the attack kill chain in their attempt to detect malicious behavior on endpoints.

In this paper, we propose a novel approach for detecting malware. Our approach uses offensive and defensive techniques for detecting active malware attacks by exploiting the vulnerabilities of their command and control panels and manipulating significant values in the operating systems of endpoints – in order to attack these panels and utilize trusted communications between them and the infected machine.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Privacy in e-Shopping Transactions: Exploring and Addressing the Trade-Offs

Nächstes Kapitel A Planning Approach to Monitoring Computer Programs’ Behavior

Saeed, I., Selamat, A., Abuagoub, A., Abdulaziz, S.: A survey on malware and malware detection systems. Int. J. Comput. Appl. 67, 25–32 (2013). https://doi.org/10.5120/11480-7108CrossRef

Feily, M., Shahrestani, A., Ramadass, S.: A survey of botnet and botnet detection. In: Proceedings of 2009 3rd International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2009, pp. 268–273 (2009). https://doi.org/10.1109/securware.2009.48

Cyber Kill Chain®. https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html

Cross-site Scripting (XSS) – OWASP. https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

Sood, A.K.: Exploiting fundamental weaknesses in botnet Command and Control (C & C) panels. Presented at the 2014 (2014)

Sood, A.K.: Malware at Stake: For Fun - XSS in ICE IX C&C Panel. https://secniche.blogspot.co.il/2012/06/for-fun-xss-in-ice-ix-bot-admin-panel.html

Phase Bot – Exploiting C&C Panel | MalwareTech. https://www.malwaretech.com/2014/12/phase-bot-exploiting-c-pane.html

Wallace, B.: A Study in Bots: Dexter. https://blog.cylance.com/a-study-in-bots-dexter-pos-botnet-malware

Watkins, L., Silberberg, K., Morales, J.A., Robinson, W.H.: Using inherent command and control vulnerabilities to halt DDoS attacks. In: 2015 10th International Conference on Malicious Unwanted Software, MALWARE 2015, pp. 3–10 (2016). https://doi.org/10.1109/malware.2015.7413679

10.

Goodin, D.: White hats publish DDoS hijacking manual, turn tables on attackers | Ars Technica. https://arstechnica.com/information-technology/2012/08/ddos-take-down-manual/

11.

Goodin, D.: Zeus botnets’ Achilles’ Heel makes infiltration easy • The Register. http://www.theregister.co.uk/2010/09/27/zeus_botnet_hijacking

12.

Grange, W.: Digital Vengeance: Exploiting the Most Notorious C & C Toolkits Ethics of Hacking back (2017)

13.

Geers, K., Czosseck, C.: The Virtual Battlefield: Perspectives on Cyber Warfare. Network Security. IOS Press, Amsterdam (2009). 305 pages

14.

Dereszowski, A.: Targeted attacks: from being a victim to counter attacking, pp. 1–28 (2010)

15.

Rascagnères, P.: Public document APT1: technical backstage malware analysis. General Information History, pp. 1–48 (2013)

16.

Denbow, S., Hertz, J.: Pest control: taming the rats (2012)

17.

Eisenbarth, M., Jones, J.: BladeRunner: adventures in tracking botnets. In: Botconf (2013)

18.

Gundert, L.: Proactive Threat Identification Neutralizes Remote Access Trojan Efficacy (2015)

19.

Singel, R.: Security Guru Gives Hackers a Taste of Their Own Medicine | WIRED. https://www.wired.com/2008/04/researcher-demo/

20.

Watkins, L., Kawka, C., Corbett, C., Robinson, W.H.: Fighting banking botnets by exploiting inherent command and control vulnerabilities. In: Proceedings of the 9th IEEE International Conference on Malicious Unwanted Software, MALCON 2014, pp. 93–100 (2014). https://doi.org/10.1109/malware.2014.6999411

21.

Application Verifier | Microsoft Docs. https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/application-verifier

22.

Kageyu, T.: MinHook - The Minimalistic x86/x64 API Hooking Library. https://www.codeproject.com/Articles/44326/MinHook-The-Minimalistic-x-x-API-Hooking-Libra

23.

Kovacs, E.: Alleged Author of MegalodonHTTP Malware Arrested | SecurityWeek.Com. https://www.securityweek.com/alleged-author-megalodonhttp-malware-arrested

24.

Dexter (malware). https://en.wikipedia.org/wiki/Dexter_(malware)

25.

Wallace, B.: A Study in Bots: DiamondFox. https://www.cylance.com/a-study-in-bots-diamondfox

26.

PHP: mysql_real_escape_string – Manual. http://php.net/manual/en/function.mysql-real-escape-string.php

27.

PHP: htmlentities – Manual. http://php.net/manual/en/function.htmlentities.php

28.

Top 10-2017 Top 10 – OWASP. https://www.owasp.org/index.php/Top_10-2017_Top_10

29.

Agmon, O., Posener, B.E., Schuster, A., Mu, A.: Ginseng: Market-Driven Memory Allocation

30.

Sharfman, I., Schuster, A., Keren, D.: Shape sensitive geometric monitoring categories and subject descriptors. In: PODS (2008). https://doi.org/10.1145/1376916.1376958

31.

Friedman, A., Keren, D.: Privacy-preserving distributed stream monitoring. In: NDSS, pp. 23–26 (2014)

32.

Ben-Yehuda, O.A., Ben-Yehuda, M., Schuster, A., Tsafrir, D.: The Resource-as-a-Service (RaaS) cloud. Commun. ACM 57, 76–84. https://doi.org/10.1145/2627422

33.

Gilburd, B., Schuster, A., Wolff, R.: k-TTP: a new privacy model for large-scale distributed environments. In: Proceedings of the Tenth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 563–568 (2004). https://doi.org/10.1145/1014052.1014120

34.

Schuster, A., Wolff, R., Gilburd, B.: Privacy-preserving association rule mining in large-scale distributed systems. In: Proceedings of Cluster Computing and Grid, pp. 1–8 (2004)

35.

Verner, U., Schuster, A., Silberstein, M., Mendelson, A.: Scheduling processing of real-time data streams on heterogeneous multi-GPU systems. In: Proceedings of the 5th Annual International Systems and Storage Conference - SYSTOR 2012, pp. 1–12 (2012). https://doi.org/10.1145/2367589.2367596

Titel: Detection in the Dark – Exploiting XSS Vulnerability in C&C Panels to Detect Malwares
verfasst von: Shay Nachum
Assaf Schuster
Opher Etzion
Verlag: Springer International Publishing
Buch: Cyber Security Cryptography and Machine Learning
Print ISBN: 978-3-319-94146-2

Electronic ISBN: 978-3-319-94147-9

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-319-94147-9_18

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"