[INNUENDO IMAP channel diagram; shown in the HTML version of this email]

One thing you know about the future of cyber security is that malware is being used right now that is far more advanced than what you read about in various exciting threat reports titled "NAVY PANDA" or "EXCITED BEAR" or "TINY-MINI-FLAME 2.0.1.2.3 rc4 found!". There have been some almost embarrassingly good results from people scanning the whole Internet for FinFisher and other command and control setups after finding an installation or demo copy of it.
But it's not true that malware analysis for "Indicators of Compromise" or scanning for C&C endpoints will work to find the real setups being used by even B-grade teams in the future. Likewise, a connection like INNUENDO's new IMAP channel is hard to disrupt at the network layer since so much of it is encrypted naturally by the transit providers, and of course each campaign is going to use a different email provider.

This video shows the gritty and interesting details: http://vimeo.com/108496757

Resources:

- http://threatpost.com/rat-malware-communicating-via-yahoo-mail/107590
- http://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-uses-evernote-as-command-and-control-server/
- http://researcher.watson.ibm.com/researcher/files/us-kapil/emailbotnet-dsn08.pdf

-dave
