Top

Published in:

2018 | OriginalPaper | Chapter

Detection in the Dark – Exploiting XSS Vulnerability in C&C Panels to Detect Malwares

Authors : Shay Nachum, Assaf Schuster, Opher Etzion

Published in: Cyber Security Cryptography and Machine Learning

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Numerous defense techniques exist for preventing and detecting malware on end stations and servers (endpoints). Although these techniques are widely deployed on enterprise networks, many types of malware manage to stay under the radar, executing their malicious actions time and again. Therefore, a more creative and effective solution is necessary, especially as classic threat detection techniques do not utilize all stages of the attack kill chain in their attempt to detect malicious behavior on endpoints.

In this paper, we propose a novel approach for detecting malware. Our approach uses offensive and defensive techniques for detecting active malware attacks by exploiting the vulnerabilities of their command and control panels and manipulating significant values in the operating systems of endpoints – in order to attack these panels and utilize trusted communications between them and the infected machine.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Privacy in e-Shopping Transactions: Exploring and Addressing the Trade-Offs

next chapter A Planning Approach to Monitoring Computer Programs’ Behavior

Saeed, I., Selamat, A., Abuagoub, A., Abdulaziz, S.: A survey on malware and malware detection systems. Int. J. Comput. Appl. 67, 25–32 (2013). https://doi.org/10.5120/11480-7108CrossRef

Feily, M., Shahrestani, A., Ramadass, S.: A survey of botnet and botnet detection. In: Proceedings of 2009 3rd International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2009, pp. 268–273 (2009). https://doi.org/10.1109/securware.2009.48

Cyber Kill Chain®. https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html

Cross-site Scripting (XSS) – OWASP. https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

Sood, A.K.: Exploiting fundamental weaknesses in botnet Command and Control (C & C) panels. Presented at the 2014 (2014)

Sood, A.K.: Malware at Stake: For Fun - XSS in ICE IX C&C Panel. https://secniche.blogspot.co.il/2012/06/for-fun-xss-in-ice-ix-bot-admin-panel.html

Phase Bot – Exploiting C&C Panel | MalwareTech. https://www.malwaretech.com/2014/12/phase-bot-exploiting-c-pane.html

Wallace, B.: A Study in Bots: Dexter. https://blog.cylance.com/a-study-in-bots-dexter-pos-botnet-malware

Watkins, L., Silberberg, K., Morales, J.A., Robinson, W.H.: Using inherent command and control vulnerabilities to halt DDoS attacks. In: 2015 10th International Conference on Malicious Unwanted Software, MALWARE 2015, pp. 3–10 (2016). https://doi.org/10.1109/malware.2015.7413679

10.

Goodin, D.: White hats publish DDoS hijacking manual, turn tables on attackers | Ars Technica. https://arstechnica.com/information-technology/2012/08/ddos-take-down-manual/

11.

Goodin, D.: Zeus botnets’ Achilles’ Heel makes infiltration easy • The Register. http://www.theregister.co.uk/2010/09/27/zeus_botnet_hijacking

12.

Grange, W.: Digital Vengeance: Exploiting the Most Notorious C & C Toolkits Ethics of Hacking back (2017)

13.

Geers, K., Czosseck, C.: The Virtual Battlefield: Perspectives on Cyber Warfare. Network Security. IOS Press, Amsterdam (2009). 305 pages

14.

Dereszowski, A.: Targeted attacks: from being a victim to counter attacking, pp. 1–28 (2010)

15.

Rascagnères, P.: Public document APT1: technical backstage malware analysis. General Information History, pp. 1–48 (2013)

16.

Denbow, S., Hertz, J.: Pest control: taming the rats (2012)

17.

Eisenbarth, M., Jones, J.: BladeRunner: adventures in tracking botnets. In: Botconf (2013)

18.

Gundert, L.: Proactive Threat Identification Neutralizes Remote Access Trojan Efficacy (2015)

19.

Singel, R.: Security Guru Gives Hackers a Taste of Their Own Medicine | WIRED. https://www.wired.com/2008/04/researcher-demo/

20.

Watkins, L., Kawka, C., Corbett, C., Robinson, W.H.: Fighting banking botnets by exploiting inherent command and control vulnerabilities. In: Proceedings of the 9th IEEE International Conference on Malicious Unwanted Software, MALCON 2014, pp. 93–100 (2014). https://doi.org/10.1109/malware.2014.6999411

21.

Application Verifier | Microsoft Docs. https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/application-verifier

22.

Kageyu, T.: MinHook - The Minimalistic x86/x64 API Hooking Library. https://www.codeproject.com/Articles/44326/MinHook-The-Minimalistic-x-x-API-Hooking-Libra

23.

Kovacs, E.: Alleged Author of MegalodonHTTP Malware Arrested | SecurityWeek.Com. https://www.securityweek.com/alleged-author-megalodonhttp-malware-arrested

24.

Dexter (malware). https://en.wikipedia.org/wiki/Dexter_(malware)

25.

Wallace, B.: A Study in Bots: DiamondFox. https://www.cylance.com/a-study-in-bots-diamondfox

26.

PHP: mysql_real_escape_string – Manual. http://php.net/manual/en/function.mysql-real-escape-string.php

27.

PHP: htmlentities – Manual. http://php.net/manual/en/function.htmlentities.php

28.

Top 10-2017 Top 10 – OWASP. https://www.owasp.org/index.php/Top_10-2017_Top_10

29.

Agmon, O., Posener, B.E., Schuster, A., Mu, A.: Ginseng: Market-Driven Memory Allocation

30.

Sharfman, I., Schuster, A., Keren, D.: Shape sensitive geometric monitoring categories and subject descriptors. In: PODS (2008). https://doi.org/10.1145/1376916.1376958

31.

Friedman, A., Keren, D.: Privacy-preserving distributed stream monitoring. In: NDSS, pp. 23–26 (2014)

32.

Ben-Yehuda, O.A., Ben-Yehuda, M., Schuster, A., Tsafrir, D.: The Resource-as-a-Service (RaaS) cloud. Commun. ACM 57, 76–84. https://doi.org/10.1145/2627422

33.

Gilburd, B., Schuster, A., Wolff, R.: k-TTP: a new privacy model for large-scale distributed environments. In: Proceedings of the Tenth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 563–568 (2004). https://doi.org/10.1145/1014052.1014120

34.

Schuster, A., Wolff, R., Gilburd, B.: Privacy-preserving association rule mining in large-scale distributed systems. In: Proceedings of Cluster Computing and Grid, pp. 1–8 (2004)

35.

Verner, U., Schuster, A., Silberstein, M., Mendelson, A.: Scheduling processing of real-time data streams on heterogeneous multi-GPU systems. In: Proceedings of the 5th Annual International Systems and Storage Conference - SYSTOR 2012, pp. 1–12 (2012). https://doi.org/10.1145/2367589.2367596

Title: Detection in the Dark – Exploiting XSS Vulnerability in C&C Panels to Detect Malwares
Authors: Shay Nachum
Assaf Schuster
Opher Etzion
Publisher: Springer International Publishing
Book: Cyber Security Cryptography and Machine Learning
Print ISBN: 978-3-319-94146-2

Electronic ISBN: 978-3-319-94147-9

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-94147-9_18

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner