Bot of the day: Ramnit/Ninmul
Revision as of 12:51, 31 July 2015 by Eric.freyssinet (talk | contribs) (Text replacement - "/ www." to "/ |Site=www.")
(Publication) Google search: [1]
| Bot of the day: Ramnit/Ninmul | |
|---|---|
| Botnet | |
| Malware | Ramnit, Ninmul |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2011 / 18 juillet 2011 |
| Editor/Conference | |
| Link | http://www.emergingthreatspro.com/bot-of-the-day/bot-of-the-day-ramnitninmul/ (Archive copy) |
| Author | Matthew Jonkman |
| Type | |
Abstract
“ Ramnit is interesting because it tries to slide a command and control channel in on port 443 (SSL). Why port 443, a few reasons I might choose to do that:
- Many sites disable app processing on port 443 to save load on their IDS engine.
- Some old content filters used to just look at IP and nothing else for what they assumed was SSL.
- Port 443 is usually left wide open on firewalls that can’t proxy.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2011BFR810,
editor = {},
author = {Matthew Jonkman},
title = {Bot of the day: Ramnit/Ninmul},
date = {Error: Invalid time.},
month = Error: Invalid time.,
year = {2011},
howpublished = {\url{http://www.emergingthreatspro.com/bot-of-the-day/bot-of-the-day-ramnitninmul/}},
}