PaulDotCom mailing list archives
Steganographic Command and Control
From: wesleymcgrew at gmail.com (Robert McGrew)
Date: Tue, 4 May 2010 16:35:16 -0500
On Tue, May 4, 2010 at 3:18 PM, Adrian Crenshaw <irongeek at irongeek.com> wrote:
Hi all, ??? I'm working on a class final paper, and would like your feed back on the ideas I have. Attached is a paper in PDF format (no embedded exploits, trust me) on Steganographic Command and Control for Botnets and Darknets. Please let me have your comments.
Cool idea. Have you considered the possibility of setting a bot up as a transparent proxy for web traffic on the user's system, and on-the-fly rewriting the user's actual content in order to hide the data (and processing the data the user views for incoming hidden data). This way, you would be using the user's actual facebook posts, twitpics, etc. as your carrier. Bots/nodes would "discover" each other through processing the traffic the user normally browses on social networking sites, and relay instructions back out by modifying the user's posts. Latency would be higher and less predictable than if you were to generate content yourself, but it would be much more stealthy. Your bot could hang out for a while and generate metrics such as: how many friends the user of the infected system has, how active are they, and how often they post things that can hide lots of data (images, for example). Infected systems with favorable metrics could form backbones for communications between other less-active systems. It wouldn't have the instant gratification of connecting to an IRC C&C and having your horde respond immediately, but I think that there are a lot of applications of botnets where this would be acceptable. -- Wesley McGrew http://mcgrewsecurity.com
Current thread:
- Steganographic Command and Control Adrian Crenshaw (May 04)
- Steganographic Command and Control Rhonda Kreklau (May 04)
- Steganographic Command and Control Robert McGrew (May 04)
- Steganographic Command and Control Matthew Macdonald-Wallace (May 04)
- Steganographic Command and Control John Strand (May 05)
- Steganographic Command and Control Adrian Crenshaw (May 05)
- Steganographic Command and Control Robert McGrew (May 05)
- Steganographic Command and Control Matthew Macdonald-Wallace (May 04)