Applied cryptography (2nd ed.): protocols, algorithms, and source code in C
PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Spamming botnets: signatures and characteristics
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
FluXOR: Detecting and Monitoring Fast-Flux Service Networks
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
BotTracer: Execution-Based Bot-Like Malware Detection
ISC '08 Proceedings of the 11th international conference on Information Security
Proceedings of the 15th ACM conference on Computer and communications security
SS'08 Proceedings of the 17th conference on Security symposium
Automating analysis of large-scale botnet probing events
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Studying spamming botnets using Botlab
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
BotGraph: large scale spamming botnet detection
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Malyzer: Defeating Anti-detection for Application-Level Malware Analysis
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
De-anonymizing the internet using unreliable IDs
Proceedings of the ACM SIGCOMM 2009 conference on Data communication
A New Windows Driver-Hidden Rootkit Based on Direct Kernel Object Manipulation
ICA3PP '09 Proceedings of the 9th International Conference on Algorithms and Architectures for Parallel Processing
Dispatcher: enabling active botnet infiltration using automatic protocol reverse-engineering
Proceedings of the 16th ACM conference on Computer and communications security
Toward Revealing Kernel Malware Behavior in Virtual Execution Environments
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
SBotMiner: large scale search bot detection
Proceedings of the third ACM international conference on Web search and data mining
Botnet: classification, attacks, detection, tracing, and preventive measures
ICICIC '09 Proceedings of the 2009 Fourth International Conference on Innovative Computing, Information and Control
Neural network approach to locating cryptography in object code
ETFA'09 Proceedings of the 14th IEEE international conference on Emerging technologies & factory automation
Creation of the importance scanning worm using information collected by Botnets
Computer Communications
On the effectiveness of IP reputation for spam filtering
COMSNETS'10 Proceedings of the 2nd international conference on COMmunication systems and NETworks
Fighting spam on the sender side: a lightweight approach
EUNICE'10 Proceedings of the 16th EUNICE/IFIP WG 6.6 conference on Networked services and applications: engineering, control and management
Hybrid analysis and control of malware
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
A case study in ethical decision making regarding remote mitigation of botnets
FC'10 Proceedings of the 14th international conference on Financial cryptography and data security
Clustering botnet communication traffic based on n-gram feature selection
Computer Communications
Honeypot trace forensics: The observation viewpoint matters
Future Generation Computer Systems
AntBot: Anti-pollution peer-to-peer botnets
Computer Networks: The International Journal of Computer and Telecommunications Networking
What's clicking what? techniques and innovations of today's clickbots
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
No plan survives contact: experience with cybercrime measurement
CSET'11 Proceedings of the 4th conference on Cyber security experimentation and test
BOTMAGNIFIER: locating spambots on the internet
SEC'11 Proceedings of the 20th USENIX conference on Security
Detecting malware's failover C&C strategies with squeeze
Proceedings of the 27th Annual Computer Security Applications Conference
Identifying botnets by capturing group activities in DNS traffic
Computer Networks: The International Journal of Computer and Telecommunications Networking
So you want to take over a botnet
LEET'12 Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats
Re-wiring activity of malicious networks
PAM'12 Proceedings of the 13th international conference on Passive and Active Measurement
Simulation-based study of botnets and defense mechanisms against them
Journal of Computer and Systems Sciences International
SpaDeS: Detecting spammers at the source network
Computer Networks: The International Journal of Computer and Telecommunications Networking
Exploiting visual appearance to cluster and detect rogue software
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Modeling and evaluating of typical advanced peer-to-peer botnet
Performance Evaluation
In this paper we present a case study of the steps leading up to the extraction of the spam bot payload embedded in a backdoor rootkit known as Backdoor.Rustock.B or Spam-Mailbot.c. Once the spam module has been extracted, we focus our analysis on the steps needed to decrypt the communications between the command and control (C&C) server and the infected hosts. Part of the discussion covers a method for extracting the encryption key from the malware binary itself and using it to decrypt those communications. The result is a better understanding of an advanced botnet communication scheme.
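The abstract describes locating the encryption key inside the unpacked malware binary and using it to decrypt captured C&C traffic. The script below is an added example of that workflow and is not the paper's code or the bot's actual scheme: it assumes RC4 as the illustrative stream cipher, assumes a guessed message header (`KNOWN_PREFIX`) for a known-plaintext check, and tries a few plausible key lengths. The binary image, key and captured message are all constructed inline so the example runs offline; the real Rustock.B cipher, key length and protocol framing are not claimed here.

```python
"""Locate an embedded stream-cipher key in a binary image and use it to decrypt
a captured C&C message. Added example; RC4, the key lengths and the message
framing are assumptions, and all sample data below is constructed."""
import math


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR (encrypt and decrypt are the same operation)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; a short window of key material scores near log2(len(buf))."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def candidate_windows(image: bytes, key_len: int):
    """Yield (offset, window) pairs whose entropy is plausible for key material.

    The threshold (85% of the maximum a window of this size can reach) is a
    heuristic prefilter that drops padding, headers and most strings. Code and
    data tables pass it too, so every candidate still has to prove itself.
    """
    threshold = 0.85 * min(8.0, math.log2(key_len))
    for off in range(len(image) - key_len + 1):
        window = image[off:off + key_len]
        if shannon_entropy(window) >= threshold:
            yield off, window


def find_key(image: bytes, key_lens, ciphertext: bytes, known_prefix: bytes):
    """Return (offset, key) of the first window that decrypts the start of the
    captured message to the expected framing, or None if no window does.
    The framing (known_prefix) must be guessed or learned from the protocol."""
    head = ciphertext[:len(known_prefix)]
    for key_len in key_lens:
        for off, key in candidate_windows(image, key_len):
            if rc4(key, head) == known_prefix:
                return off, key
    return None


def decrypt_capture(image: bytes, key_lens, ciphertext: bytes, known_prefix: bytes):
    """Full pipeline: recover the key from the image, then decrypt the capture."""
    found = find_key(image, key_lens, ciphertext, known_prefix)
    if found is None:
        return None
    return rc4(found[1], ciphertext)


# --- constructed sample data (not real Rustock material) -------------------
KEY = bytes.fromhex("a37f19e25c08b6d4419a2f73c8e50d6b")   # 16 random-looking bytes
SAMPLE_IMAGE = (
    b"MZ" + b"\x00" * 62                                   # stub header
    + b"\x90" * 40                                         # padding
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"  # typical string
    + b"\x00" * 8
    + KEY                                                  # the embedded key
    + b"\x00" * 8
    + bytes(range(0, 200, 3))                              # high-entropy non-key bytes
)
KEY_OFFSET = SAMPLE_IMAGE.index(KEY)
KNOWN_PREFIX = b"BOT/1 "                                   # assumed message framing
PLAINTEXT = KNOWN_PREFIX + b"SEND template=17 list=3 rate=200\n"
CAPTURED = rc4(KEY, PLAINTEXT)                            # the "captured" C&C message

if __name__ == "__main__":
    hit = find_key(SAMPLE_IMAGE, (8, 16, 32), CAPTURED, KNOWN_PREFIX)
    print("key at offset", hit[0], "->", hit[1].hex())
    print(decrypt_capture(SAMPLE_IMAGE, (8, 16, 32), CAPTURED, KNOWN_PREFIX))
```

The entropy filter only narrows the search; the known-plaintext check is what actually identifies the key, which is why the synthetic high-entropy bytes after the key are rejected. In practice the key may be stored obfuscated or derived at run time rather than stored verbatim, in which case the image has to be dumped after the unpacking or key-setup code has run, which is the point of extracting the payload first.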