On Tue, 2010-05-04 at 16:35 -0500, Robert McGrew wrote:
> On Tue, May 4, 2010 at 3:18 PM, Adrian Crenshaw <[email protected]> wrote:
> > Hi all,
> > I'm working on a class final paper, and would like your feedback on the
> > ideas I have. Attached is a paper in PDF format (no embedded exploits, trust
> > me) on Steganographic Command and Control for Botnets and Darknets. Please
> > let me have your comments.
>
> Cool idea. Have you considered the possibility of setting a bot up as
> a transparent proxy for web traffic on the user's system, and
> on-the-fly rewriting the user's actual content in order to hide the
> data (and processing the data the user views for incoming hidden
> data)? This way, you would be using the user's actual Facebook posts,
> twitpics, etc. as your carrier. Bots/nodes would "discover" each
> other through processing the traffic the user normally browses on
> social networking sites, and relay instructions back out by modifying
> the user's posts.
>
> Latency would be higher and less predictable than if you were to
> generate content yourself, but it would be much more stealthy. Your
> bot could hang out for a while and generate metrics such as: how many
> friends the user of the infected system has, how active are they, and
> how often they post things that can hide lots of data (images, for
> example). Infected systems with favorable metrics could form
> backbones for communications between other less-active systems.
>
> It wouldn't have the instant gratification of connecting to an IRC C&C
> and having your horde respond immediately, but I think that there are
> a lot of applications of botnets where this would be acceptable.
>

I'm speechless...truly speechless...and very, very scared... ;)

M.
