Abstract
Numerous defense techniques exist for preventing and detecting malware on end stations and servers (endpoints). Although these techniques are widely deployed on enterprise networks, many types of malware manage to stay under the radar, executing their malicious actions time and again. Therefore, a more creative and effective solution is necessary, especially as classic threat detection techniques do not utilize all stages of the attack kill chain in their attempt to detect malicious behavior on endpoints.
In this paper, we propose a novel approach for detecting malware. Our approach combines offensive and defensive techniques to detect active malware attacks: it exploits vulnerabilities in the malware's command and control panels and manipulates significant values in the operating system of the endpoint, so that the trusted communication between an infected machine and its panel can be used to attack the panel and thereby reveal the infection.
© 2018 Springer International Publishing AG, part of Springer Nature
Nachum, S., Schuster, A., Etzion, O. (2018). Detection in the Dark – Exploiting XSS Vulnerability in C&C Panels to Detect Malwares. In: Dinur, I., Dolev, S., Lodha, S. (eds) Cyber Security Cryptography and Machine Learning. CSCML 2018. Lecture Notes in Computer Science, vol 10879. Springer, Cham. https://doi.org/10.1007/978-3-319-94147-9_18
DOI: https://doi.org/10.1007/978-3-319-94147-9_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-94146-2
Online ISBN: 978-3-319-94147-9