Backdoors are an essential part of targeted attacks, as they allow an external threat actor to exercise control over any compromised machines. These allow the threat actor to collect information and move laterally within the targeted organization.

Our investigations into various targeted attacks have shown that backdoors use a wide variety of tactics to carry out their routines and to remain undetected by network administrators and security products. Over time, these techniques have evolved as more sophisticated defenses have become available to network administrators.

Initially, all that was needed for an attacker to connect to a compromised machine was an open TCP/IP port. However, as firewalls became more commonplace, other techniques became necessary. Techniques evolved so that the clients would connect first to the servers, since blocking outbound traffic was, initially, less common.

Over time, as the possible defenses have become more sophisticated, so have the techniques in use. For example, publicly available blogs have become command-and-control (C&C) servers of a sort:

Figure 1. Blog used for command and control

This free “blog” contains ciphertext that, when decrypted by the backdoor, reveals the actual C&C servers. Using free services for C&C functions is not new; we noted just recently how Dropbox was being used in a similar way.
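As an added defender-side illustration (not code from the original post or from the paper), the following heuristic scans fetched page text for long, high-entropy base64-style tokens, the kind of opaque blob a backdoor would pull from a public blog post and decrypt to recover its real C&C address. The sample post text and the blob in it are constructed, and the length and entropy thresholds are assumptions to tune per environment.

```python
import math
import re
from typing import List, Tuple

# Constructed sample of a fetched "blog" post body (not a real post). It mixes
# ordinary sentences with one long encoded blob of the kind a backdoor would
# download and decrypt to learn where its real C&C server is.
SAMPLE_POST = (
    "Welcome back to my travel blog! Today we walked around the old harbour "
    "and took far too many photographs. More updates coming soon.\n"
    "k3Qx9ZmPb7Lw2YtR8eHnV4cJaS6dFgU1oIyK0NpM5rEhTqXzBvC7WlGjAsD2fHkL9pQw==\n"
    "Leave a comment below if you have been there too."
)

# Tokens at least MIN_LEN characters long, drawn only from the base64 alphabet,
# are candidates (assumed thresholds, tune for your own traffic).
MIN_LEN = 32
TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{%d,}={0,2}" % MIN_LEN)
# Prose words rarely exceed this many bits per character; random base64 sits
# near 6. Hex-only blobs top out near 4, so use a lower threshold for those.
ENTROPY_THRESHOLD = 4.5

def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def find_dead_drop_candidates(text: str) -> List[Tuple[str, float]]:
    """Return (token, entropy) for long base64-alphabet tokens that look like
    encoded data rather than words: mixed letters and digits, high entropy."""
    hits = []
    for token in TOKEN_RE.findall(text):
        body = token.rstrip("=")  # ignore padding when measuring entropy
        has_digit = any(ch.isdigit() for ch in body)
        has_alpha = any(ch.isalpha() for ch in body)
        ent = shannon_entropy(body)
        if has_digit and has_alpha and ent >= ENTROPY_THRESHOLD:
            hits.append((token, round(ent, 2)))
    return hits

if __name__ == "__main__":
    for token, ent in find_dead_drop_candidates(SAMPLE_POST):
        print(f"candidate blob ({ent} bits/char): {token[:24]}...")
```

Flagged blobs are a lead, not a verdict: correlate the fetching host with the regularity of its requests to the page before treating it as a dead-drop resolver.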

This paper, titled Backdoor Use in Targeted Attacks, is based on the experience we have gathered in investigating various targeted attacks. It details some of the various techniques we’ve seen in use to connect backdoors with their C&C servers. In addition, it provides IT administrators with accepted best practices to help prevent these techniques from taking root in their organizations. Other resources to help deal with targeted attacks can be found in our Threat Intelligence Resources on Targeted Attacks.