Walking through Win32/Jabberbot.A instant messaging C&C
(Publication) Google search: [1]
| Walking through Win32/Jabberbot.A instant messaging C&C | |
|---|---|
| Botnet | Jabberbot |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | XMPP |
| Date | 2013 / 2013-01-30 |
| Editor/Conference | ESET |
| Link | http://www.welivesecurity.com/2013/01/30/walking-through-win32jabberbot-a-instant-messaging-cc/ (Archive copy) |
| Author | Alexis Dorais-Joncas |
| Type | Blogpost |
Abstract
“ Malware authors have a solid track record in regards to creative Command and Control protocols. We’ve seen peer-to-peer protocols, some custom (Sality), some standard (Win32/Storm uses the eDonkey P2P protocol). We’ve seen binary protocols (Win32/Peerfrag, aka Palevo). We’ve seen other custom protocols that leverage other standard protocols such as HTTP (Win32/Georbot), DNS (Morto) and IRC (Win32/AutoRun.IRCBot.AK). Others have leveraged popular web services such as Twitter (OSX/Flashback).
This analysis focuses on Win32/Jabberbot.A, a piece of malicious code that uses a different kind of protocol: theExtensible Messaging and Presence Protocol (XMPP), a protocol for instant messaging that is commonly known as the Jabber protocol.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2013BFR2227,
editor = {ESET},
author = {Alexis Dorais-Joncas},
title = {Walking through Win32/Jabberbot.A instant messaging C&C},
date = {30},
month = Jan,
year = {2013},
howpublished = {\url{http://www.welivesecurity.com/2013/01/30/walking-through-win32jabberbot-a-instant-messaging-cc/}},
}