Friday, December 11, 2009

Extracting CnC from Malware

The Role of Malware Sample Analysis in Botnet Detection

There often appears to be little or no difference between malware and botnets. If a computer system is infected with either then, as far as users and IT staff are concerned, it is compromised and can no longer be trusted for confidential business use. However, the distinction is important. Both are used by organized cyber criminals for financial gain, but botnets add another dimension to the threat – the ability to be remotely controlled and to serve as a digital bridge into an organization.

Modern botnet software typically ships with the full spectrum of malicious capabilities found in top-of-the-line malware. It becomes a ‘botnet’ when it also contains features that allow it to communicate with a criminal Command-and-Control (CnC) infrastructure and be remotely controlled.

Download: PDF