Disturbing trend - Hiding in plain sight
Most of you know that I do a lot of research on the horrible things that haunt the internet. Recently, I have come across enough samples of malcode to suggest a truly sinister problem is heading our way.
Though I cannot release the specifics, I have seen several unrelated groups actively testing spyware that once inside your perimeter, tunnels out to the C&C via SSH and in other cases, SSL.
Detecting these new threats will be extremely difficult and will force security vendors to quickly throw together heuristics that say if you see this protocol and if the destination is an IRC server then block the traffic (or something of the like).
I'm going to discuss this in detail with an AV vendor on Monday. Hopefully they will have encouraging news, as in they are also aware and have a viable solution ready to go.
Consider this your early warning.
--TH13
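A minimal version of the protocol/port heuristic sketched above, as an added example that is not part of the original post: it assumes a payload-based classifier has already labelled each flow's application protocol (SSH banner, TLS ClientHello), and the sample flow records, port sets and function names are all constructed for illustration.

```python
from collections import namedtuple

# Constructed sample flow records, not from the original post. Each line is
# "src dst:port app_proto"; app_proto is assumed to come from a payload-based
# classifier (SSH banner / TLS ClientHello), so it does not depend on the port.
SAMPLE_FLOWS = """\
10.0.0.5 203.0.113.10:443 tls
10.0.0.5 203.0.113.20:22 ssh
10.0.0.7 198.51.100.9:6667 ssh
10.0.0.9 198.51.100.9:6697 tls
10.0.0.9 192.0.2.33:8080 ssh
10.0.0.4 192.0.2.44:6667 irc
"""

IRC_PORTS = {6667, 6697, 7000}                       # common IRC server ports
EXPECTED_PORTS = {"ssh": {22}, "tls": {443, 465, 993, 995, 8443}}

Flow = namedtuple("Flow", "src dst port proto")


def parse_flows(text):
    """Parse the one-flow-per-line format above into Flow tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst_port, proto = line.split()
        dst, port = dst_port.rsplit(":", 1)
        flows.append(Flow(src, dst, int(port), proto.lower()))
    return flows


def suspicious_tunnels(flows):
    """Apply the post's heuristic: an encrypted protocol (SSH or TLS) heading
    to an IRC server, or to a port where that protocol is not expected, is a
    candidate C&C tunnel.  Returns (flow, reason) pairs in input order."""
    alerts = []
    for f in flows:
        if f.proto not in EXPECTED_PORTS:
            continue                                  # not SSH/TLS, ignore
        if f.port in IRC_PORTS:
            alerts.append((f, f"{f.proto} to IRC port {f.port}"))
        elif f.port not in EXPECTED_PORTS[f.proto]:
            alerts.append((f, f"{f.proto} on unexpected port {f.port}"))
    return alerts


if __name__ == "__main__":
    for flow, reason in suspicious_tunnels(parse_flows(SAMPLE_FLOWS)):
        print(f"{flow.src} -> {flow.dst}:{flow.port}  {reason}")
```

The fourth sample flow (TLS to 6697) is ordinary IRC-over-TLS, so the rule fires on legitimate traffic as well; that false-positive cost is what a quickly assembled heuristic of this kind carries, and the alert list is a starting point for triage rather than an automatic block.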
Re: Disturbing trend - Hiding in plain sight
Quote:
Originally posted here by thehorse13
tunnels out to the C&C via SSH and in other cases, SSL.
--TH13
At the risk of sounding like an amateur, I'm not sure I understand what you mean by tunneling out to C&C. Honestly, when I see C&C I think of Command & Conquer. Heh.. but for real, what is this about?