Walking through Win32/Jabberbot.A instant messaging C&C
Walking through Win32/Jabberbot.A instant messaging C&C | |
---|---|
Botnet | Jabberbot |
CCProtocol | XMPP |
Date | 2013 / 2013-01-30 |
Editor/Conference | ESET |
Link | http://www.welivesecurity.com/2013/01/30/walking-through-win32jabberbot-a-instant-messaging-cc/ (Archive copy) |
Author | Alexis Dorais-Joncas |
Type | Blogpost |
Abstract
“Malware authors have a solid track record in regards to creative Command and Control protocols. We’ve seen peer-to-peer protocols, some custom (Sality), some standard (Win32/Storm uses the eDonkey P2P protocol). We’ve seen binary protocols (Win32/Peerfrag, aka Palevo). We’ve seen other custom protocols that leverage other standard protocols such as HTTP (Win32/Georbot), DNS (Morto) and IRC (Win32/AutoRun.IRCBot.AK). Others have leveraged popular web services such as Twitter (OSX/Flashback).
This analysis focuses on Win32/Jabberbot.A, a piece of malicious code that uses a different kind of protocol: the Extensible Messaging and Presence Protocol (XMPP), a protocol for instant messaging that is commonly known as the Jabber protocol.”
Bibtex
@misc{2013BFR2227,
  editor = {ESET},
  author = {Alexis Dorais-Joncas},
  title = {Walking through Win32/Jabberbot.A instant messaging C&C},
  date = {30},
  month = Jan,
  year = {2013},
  howpublished = {\url{http://www.welivesecurity.com/2013/01/30/walking-through-win32jabberbot-a-instant-messaging-cc/}},
}