Posts

Virut is a botnet malware family that was first observed 13 years ago, in 2006. Traditionally, it spreads as a file-infecting …

The following blog was written while working for CrowdStrike. It is available at …

The following blog was written while working for CrowdStrike. It deals with a characteristic code invocation technique on 32-bit …

While most of what we analyze is Windows malware, when it comes to implementing detection or analysis approaches, we surely turn …

As part of our research on botnets, we developed recognition techniques for botnet command and control flows, such as CoCoSpot. …

While malware comes in many different flavors, e.g., spam bots, banking trojans or denial-of-service bots, one important monetization …

A defining characteristic of a bot is its ability to be remote-controlled by way of command and control (C2). Typically, a bot receives …

ARP, the address resolution protocol, is used on an Ethernet network to map IP addresses to hardware (MAC) addresses. By default, a …

DNS as a carrier for botnet C&C seems to be getting popular. As far as its usage as botnet C&C is concerned, DNS has not been seen so far. …