I had a similar idea.. I would set up an exploit in a PDF and send it to a large security mailing list and see who opens it.
Wait... IronGeek beat me to it.. Crap. john - Security geeks are like heroin junkies. Our needles are links and PDFs. On Wed, May 5, 2010 at 12:05 AM, Matthew Macdonald-Wallace < [email protected]> wrote: > On Tue, 2010-05-04 at 16:35 -0500, Robert McGrew wrote: > > On Tue, May 4, 2010 at 3:18 PM, Adrian Crenshaw <[email protected]> > wrote: > > > Hi all, > > > I'm working on a class final paper, and would like your feed back > on the > > > ideas I have. Attached is a paper in PDF format (no embedded exploits, > trust > > > me) on Steganographic Command and Control for Botnets and Darknets. > Please > > > let me have your comments. > > > > Cool idea. Have you considered the possibility of setting a bot up as > > a transparent proxy for web traffic on the user's system, and > > on-the-fly rewriting the user's actual content in order to hide the > > data (and processing the data the user views for incoming hidden > > data). This way, you would be using the user's actual facebook posts, > > twitpics, etc. as your carrier. Bots/nodes would "discover" each > > other through processing the traffic the user normally browses on > > social networking sites, and relay instructions back out by modifying > > the user's posts. > > > > Latency would be higher and less predictable than if you were to > > generate content yourself, but it would be much more stealthy. Your > > bot could hang out for a while and generate metrics such as: how many > > friends the user of the infected system has, how active are they, and > > how often they post things that can hide lots of data (images, for > > example). Infected systems with favorable metrics could form > > backbones for communications between other less-active systems. > > > > It wouldn't have the instant gratification of connecting to an IRC C&C > > and having your horde respond immediately, but I think that there are > > a lot of applications of botnets where this would be acceptable. > > > > I'm speechless...truly speechless...and very, very scared... ;) > > M. > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
