Submission - Behavior Matters, Botnetz/Command & Control (batblue.com)
JohnBert writes: "A great deal has been made lately about Botnetz and Command & Control (C&C) Architecture and for good reason. They are wily and today pose the greatest challenge to organizational security.
Botnetz and C&C tend to be hard to detect via signature approaches due to a number of factors. These include:
The large number of unique and one-off botz that operate as zero-day (no known signatures).
Use of Droppers for payload delivery. Droppers are pre-bot applications that are not malicious, but are used to retrieve the malicious applications based on some criteria.
Use of hard-to-detect algorithms to select predetermined fresh download points that thwart IP reputation systems.
Leveraging encrypted communications to bypass perimeter defenses and retain anonymity.
All of this makes Botnetz/C&Cs very difficult to detect. Even if your organization has invested in tools specifically geared to identify such, Botmasters leverage their agility to adapt to static techniques used by these tools.
Follow link to story to read more!"
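As an added example (not from the story or batblue.com), here is a small behavioral check in Python over constructed resolver log lines: instead of matching a signature, it flags clients that generate bursts of NXDOMAIN answers for high-entropy second-level labels, the residue that algorithmically selected rendezvous domains tend to leave in DNS logs. The log format, the thresholds and the sample addresses are assumptions.

```python
import math
from collections import defaultdict

# Constructed sample resolver log, one "client qname rcode" record per line.
SAMPLE_DNS_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 cdn.example.net NOERROR
10.0.0.9 qx7zt1vbk2m.net NXDOMAIN
10.0.0.9 a9fj3kq0wzp.com NXDOMAIN
10.0.0.9 m2xk8vq1rtz.org NXDOMAIN
10.0.0.9 zp0q4lwk7yb.info NXDOMAIN
10.0.0.9 updates.example.org NOERROR
"""


def shannon_entropy(label):
    """Bits per character of a label; random-looking labels score near log2(len)."""
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def sld_label(domain):
    """Second-level label of a query name (the part a generator usually randomises)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def score_clients(log_text, min_nx=3, min_entropy=3.0):
    """Return {client: (nxdomain_count, mean_entropy)} for clients over both thresholds.

    Thresholds are assumed values; tune them against a baseline of normal traffic.
    """
    stats = defaultdict(lambda: [0, []])  # client -> [nxdomain count, entropies]
    for line in log_text.splitlines():
        client, qname, rcode = line.split()
        if rcode == "NXDOMAIN":  # failed lookups are the cheap behavioral signal
            stats[client][0] += 1
            stats[client][1].append(shannon_entropy(sld_label(qname)))
    flagged = {}
    for client, (nx, entropies) in stats.items():
        mean_ent = sum(entropies) / len(entropies)
        if nx >= min_nx and mean_ent >= min_entropy:
            flagged[client] = (nx, round(mean_ent, 2))
    return flagged


if __name__ == "__main__":
    print(score_clients(SAMPLE_DNS_LOG))  # {'10.0.0.9': (4, 3.46)}
```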