Multitenancy Botnets thwart threat analysis
| Field | Value |
|---|---|
| Title | Multitenancy Botnets thwart threat analysis |
| Date | 2012 / Wednesday, May 9, 2012 |
| Editor/Conference | Open-Source Security Tools |
| Link | http://ossectools.blogspot.fr/2012/05/multitenancy-botnets-thwart-threat.html |
| Author | Martin |
Abstract
“Multitenancy Botnets Thwart Threat Analysis

There was a great thread on the EmergingThreats.net mailing list today regarding writing IDS signatures for a recent botnet communications channel. This is a very typical topic for discussion on the list, but in researching possible signatures, I found some surprisingly easy to observe communication of a compromised asset with its controller which shows how difficult it is to parameterize the threat of a given botnet. Even labeling a botnet has grown extremely difficult as the codebases for each botnet are so intertwined that the tell-tale characteristics of each one blend until there's little distinction between them. This makes attribution of attacks very difficult and provides a fair amount of anonymity through abstraction to the botnet masters.”
Bibtex
@misc{2012BFR1005,
  editor = {Open-Source Security Tools},
  author = {Martin},
  title = {Multitenancy Botnets thwart threat analysis},
  date = {09},
  month = May,
  year = {2012},
  howpublished = {\url{http://ossectools.blogspot.fr/2012/05/multitenancy-botnets-thwart-threat.html}},
}