Bot of the day: Ramnit/Ninmul
Bot of the day: Ramnit/Ninmul | |
---|---|
Botnet | |
Malware | Ramnit, Ninmul |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2011 / 18 July 2011 |
Editor/Conference | |
Link | http://www.emergingthreatspro.com/bot-of-the-day/bot-of-the-day-ramnitninmul/ (Archive copy) |
Author | Matthew Jonkman |
Type |
Abstract
“ Ramnit is interesting because it tries to slide a command and control channel in on port 443 (SSL). Why port 443, a few reasons I might choose to do that:
- Many sites disable app processing on port 443 to save load on their IDS engine.
- Some old content filters used to just look at IP and nothing else for what they assumed was SSL.
- Port 443 is usually left wide open on firewalls that can’t proxy.
Bibtex
@misc{2011BFR810,
  editor = {},
  author = {Matthew Jonkman},
  title = {Bot of the day: Ramnit/Ninmul},
  year = {2011},
  howpublished = {\url{http://www.emergingthreatspro.com/bot-of-the-day/bot-of-the-day-ramnitninmul/}},
}