PaulDotCom mailing list archives
Steganographic Command and Control
From: irongeek at irongeek.com (Adrian Crenshaw)
Date: Wed, 5 May 2010 12:32:36 -0400
Yeah, I was wondering what the best format to send to the list would be to avoid paranoia. Plain text loses too much of the layout. Adrian On Wed, May 5, 2010 at 12:19 PM, John Strand <strandjs at gmail.com> wrote:
I had a similar idea.. I would set up an exploit in a PDF and send it to a large security mailing list and see who opens it. Wait... IronGeek beat me to it.. Crap. john - Security geeks are like heroin junkies. Our needles are links and PDFs. On Wed, May 5, 2010 at 12:05 AM, Matthew Macdonald-Wallace < lists at truthisfreedom.org.uk> wrote:On Tue, 2010-05-04 at 16:35 -0500, Robert McGrew wrote:On Tue, May 4, 2010 at 3:18 PM, Adrian Crenshaw <irongeek at irongeek.com>wrote:Hi all, I'm working on a class final paper, and would like your feed backon theideas I have. Attached is a paper in PDF format (no embedded exploits,trustme) on Steganographic Command and Control for Botnets and Darknets.Pleaselet me have your comments.Cool idea. Have you considered the possibility of setting a bot up as a transparent proxy for web traffic on the user's system, and on-the-fly rewriting the user's actual content in order to hide the data (and processing the data the user views for incoming hidden data). This way, you would be using the user's actual facebook posts, twitpics, etc. as your carrier. Bots/nodes would "discover" each other through processing the traffic the user normally browses on social networking sites, and relay instructions back out by modifying the user's posts. Latency would be higher and less predictable than if you were to generate content yourself, but it would be much more stealthy. Your bot could hang out for a while and generate metrics such as: how many friends the user of the infected system has, how active are they, and how often they post things that can hide lots of data (images, for example). Infected systems with favorable metrics could form backbones for communications between other less-active systems. It wouldn't have the instant gratification of connecting to an IRC C&C and having your horde respond immediately, but I think that there are a lot of applications of botnets where this would be acceptable.I'm speechless...truly speechless...and very, very scared... ;) M. _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100505/8f741317/attachment.htm
Current thread:
- Steganographic Command and Control Adrian Crenshaw (May 04)
- Steganographic Command and Control Rhonda Kreklau (May 04)
- Steganographic Command and Control Robert McGrew (May 04)
- Steganographic Command and Control Matthew Macdonald-Wallace (May 04)
- Steganographic Command and Control John Strand (May 05)
- Steganographic Command and Control Adrian Crenshaw (May 05)
- Steganographic Command and Control Robert McGrew (May 05)
- Steganographic Command and Control Matthew Macdonald-Wallace (May 04)