
Malware and Persistence

Chapter in: Cyber Operations

Abstract

Chapter 2 shows how attackers can use browsers, and software that provides active content for browsers such as Java and Adobe Flash, as vectors to get an initial foothold in a network. Another option is malware. Malicious documents, like Word documents, can be used to provide an attacker with an initial shell on a target system.


Notes

  1. Clever attackers might also give the program a different name – MalwareLinux32 might be a bit obvious.

  2. The precise files can vary slightly with the Linux distribution. For example, OpenSuSE 13.1 stores the value of SOCK_STREAM in /usr/include/bits/socket_type.h (which is included from /usr/include/bits/socket.h). Later versions of Mint and Ubuntu behave similarly; some also store the files in the directory /usr/include/i386-linux-gnu/bits/ or /usr/include/x86_64-linux-gnu/bits/.

  3. Notice that the traffic is not encrypted, despite using TCP/443.

  4. The name of the executable and the directories in this section vary each time a persistence script is run, so don’t expect to see this precise name on your test system.

  5. If the path to the program contains spaces, be sure to read http://support.microsoft.com/kb/823093/en-us.


Copyright information

© 2015 Mike O'Leary

About this chapter

Cite this chapter

O’Leary, M. (2015). Malware and Persistence. In: Cyber Operations. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-0457-3_10
