Abstract

Malware today often uses very sophisticated methods to avoid being detected on the victim machine itself. However, hiding the actual communication between an attacker and his malware is often neglected by malware authors. As a consequence, intermediate hosts inspecting the incoming and outgoing traffic of the victim host may be able to detect the infection. In this paper, we describe a proof-of-concept server backdoor which hides the infiltration and exfiltration of data inside the benign incoming and outgoing traffic of the victim server. Using a low-traffic system call proxy, our backdoor allows the remote execution of arbitrary programs on the victim server without being detectable by network intrusion detection systems. We implement our proof-of-concept backdoor using the HTTP protocol’s Cookie header and evaluate it against the SNORT network intrusion detection system. In addition, we show how other widespread services such as SSH, IPsec, and OpenVPN can be used to conceal the attacker’s communication, and we briefly discuss countermeasures.
