Multitenancy Botnets thwart threat analysis

From Botnets.fr


Date: 2012 / Wednesday, May 9, 2012
Editor/Conference: Open-Source Security Tools
Link: http://ossectools.blogspot.fr/2012/05/multitenancy-botnets-thwart-threat.html (ossectools.blogspot.fr; archive copy available)
Author: Martin

Abstract

Multitenancy Botnets Thwart Threat Analysis

There was a great thread on the EmergingThreats.net mailing list today regarding writing IDS signatures for a recent botnet communications channel. This is a very typical topic for discussion on the list, but in researching possible signatures, I found some surprisingly easy to observe communication of a compromised asset with its controller which shows how difficult it is to parameterize the threat of a given botnet. Even labeling a botnet has grown extremely difficult as the codebases for each botnet are so intertwined that the tell-tale characteristics of each one blend until there's little distinction between them. This makes attribution of attacks very difficult and provides a fair amount of anonymity through abstraction to the botnet masters.

Bibtex

 @misc{2012BFR1005,
   editor = {Open-Source Security Tools},
   author = {Martin},
   title = {Multitenancy Botnets thwart threat analysis},
   day = {09},
   month = May,
   year = {2012},
   howpublished = {\url{http://ossectools.blogspot.fr/2012/05/multitenancy-botnets-thwart-threat.html}},
 }