Bot of the day: Ramnit/Ninmul
Bot of the day: Ramnit/Ninmul | |
---|---|
Botnet | |
Malware | Ramnit, Ninmul |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2011 / 18 July 2011 |
Editor/Conference | |
Link | http://www.emergingthreatspro.com/bot-of-the-day/bot-of-the-day-ramnitninmul/ (Archive copy) |
Author | Matthew Jonkman |
Type | |
Abstract
“Ramnit is interesting because it tries to slide a command and control channel in on port 443 (SSL). Why port 443, a few reasons I might choose to do that:
- Many sites disable app processing on port 443 to save load on their IDS engine.
- Some old content filters used to just look at IP and nothing else for what they assumed was SSL.
- Port 443 is usually left wide open on firewalls that can’t proxy.”
Bibtex
@misc{2011BFR810,
  editor = {},
  author = {Matthew Jonkman},
  title = {Bot of the day: Ramnit/Ninmul},
  date = {2011-07-18},
  month = jul,
  year = {2011},
  howpublished = {\url{http://www.emergingthreatspro.com/bot-of-the-day/bot-of-the-day-ramnitninmul/}},
}