Covert channels over social networks

From Botnets.fr
Revision as of 13:30, 3 August 2015 by Eric.freyssinet

Date: 2012 / 2012-03-20
Editor/Conference: SANS Institute
Link: http://www.sans.org/reading-room/whitepapers/threats/covert-channels-social-networks-33960
Author: Jose Selvi
Type: White paper

Abstract

There are many ways to embed data into unused fields of some network protocols like IP, TCP, etc., in order to send and receive data in a hidden way. Nowadays, malware coders are hiding their communications using HTTPS, but techniques such as DNS sinkhole can help network administrators to stop some of them. The following step in Covert Channels is to embed data into known applications such as, for instance, social networks. Since it uses known domain names, it is difficult to detect the difference between real communications and evil ones. In this paper, we review some ways to embed data into these social networks, and how this can affect corporate and personal security. As a proof of concept, we have released a tool called "facecat" (FaceBook Cat). With this tool we can relay ports using a FaceBook Wall as a Pipe, so it can be used through proxies and other network protections.

Bibtex

 @misc{2012BFR2215,
   editor = {SANS Institute},
   author = {Jose Selvi},
   title = {Covert channels over social networks},
   date = {20},
   month = Mar,
   year = {2012},
   howpublished = {\url{http://www.sans.org/reading-room/whitepapers/threats/covert-channels-social-networks-33960}},
 }