Tuesday, December 11, 2007

Web 2.0 Services Can Be Abused For Botnet C&C

Via heise Security News.

A new approach to the command and control of bots has been identified by Finjan. In its 4th quarter 2007 Web Security Trends Report, the vendor describes how public Web 2.0 services can be exploited by bot operators. Instead of command and control servers communicating directly or via Fast Flux networks with individual bot computers, they can now send instructions and receive data indirectly via legitimate public blogs and RSS feed aggregators.

The attacker infects a suitable number of hosts with a trojan using well-established techniques such as Iframe injection exploits. The trojan accepts its commands over an RSS feed and posts its output, suitably formatted, to a legitimate public blog that the attacker has access to. The botnet command and control server also signs up with a different legitimate public blog. Its commands are posted to the blog and relayed unwittingly over RSS from that blog via an RSS aggregation service subscribed to by the trojans on the bots.

More here.
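
For defenders, the traffic shape described above (a host that polls one RSS feed on a timer and also posts to a separate blog) can be hunted for in web-proxy logs. The following is an added example, not code from the Finjan report or the heise article; the log format, the `.example` hostnames, the `find_suspects` name and the thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: timestamp, client, method, host, path, content type.
SAMPLE_LOG = """\
2007-12-11T10:00:00 10.0.0.5 GET aggregator.example /feed/a1 application/rss+xml
2007-12-11T10:00:00 10.0.0.7 GET aggregator.example /feed/news application/rss+xml
2007-12-11T10:01:00 10.0.0.9 GET aggregator.example /feed/news application/rss+xml
2007-12-11T10:05:00 10.0.0.5 GET aggregator.example /feed/a1 application/rss+xml
2007-12-11T10:05:03 10.0.0.5 POST blog.example /post text/html
2007-12-11T10:08:30 10.0.0.9 GET aggregator.example /feed/news application/rss+xml
2007-12-11T10:10:01 10.0.0.5 GET aggregator.example /feed/a1 application/rss+xml
2007-12-11T10:15:00 10.0.0.5 GET aggregator.example /feed/a1 application/rss+xml
2007-12-11T10:15:02 10.0.0.5 POST blog.example /post text/html
2007-12-11T10:30:00 10.0.0.7 GET aggregator.example /feed/news application/rss+xml
2007-12-11T10:52:00 10.0.0.9 GET aggregator.example /feed/news application/rss+xml
2007-12-11T10:53:00 10.0.0.9 POST blog.example /post text/html
2007-12-11T11:00:00 10.0.0.7 GET aggregator.example /feed/news application/rss+xml
2007-12-11T11:30:00 10.0.0.7 GET aggregator.example /feed/news application/rss+xml
2007-12-11T11:40:00 10.0.0.9 GET aggregator.example /feed/news application/rss+xml
"""

def find_suspects(log, min_polls=4, max_cv=0.1):
    """Clients that poll one feed at near-fixed intervals AND post to another host."""
    polls, post_hosts = defaultdict(list), defaultdict(set)
    for line in log.splitlines():
        ts, client, method, host, path, ctype = line.split()
        when = datetime.fromisoformat(ts)
        if method == "GET" and ctype == "application/rss+xml":
            polls[(client, host, path)].append(when)
        elif method == "POST":
            post_hosts[client].add(host)
    suspects = {}
    for (client, host, path), times in polls.items():
        other = sorted(post_hosts[client] - {host})  # posts go to a different site
        if len(times) < min_polls or not other:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        m = mean(gaps)
        cv = pstdev(gaps) / m if m else None  # low variation = timer-driven polling
        if cv is not None and cv <= max_cv:
            suspects[client] = (host + path, other, round(cv, 3))
    return suspects

if __name__ == "__main__":
    for client, detail in find_suspects(SAMPLE_LOG).items():
        print(client, detail)
```

Ordinary feed readers also poll on a timer, so the posting condition and an allow-list of known reader software matter as much as the interval test.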
