- Remote logging.
- Network logon.
The list can be continued indefinitely, as almost any program or system that does
not use out-of-band traffic is affected. Any communication that passes over the wire
where the malware is able to “see” it is subject to this attack. If the malware
uses the Black IDS technology, we will lose control in our organization.
Moreover, the bigger the organization, the higher the chances for this threat to succeed.
The solution for this problem may be the use of covert channels and out of
band communication in our critical systems. As I said before regarding the
Black Antivirus, some “BlackHat” technologies could be useful or even necessary
in our “WhiteHat” world…
2.8 Crypto Viruses and Steganography
This is a very interesting subject, and many books and publications are dedicated to it
[b3, b4]. Crypto viruses are viruses that utilize asymmetric encryption. In fact,
there are a number of viruses that already utilize symmetric encryption, but none
that utilize asymmetric encryption (as I remember).
Using steganography for covert communication and for malware purposes is not
new, but it is a very dangerous technique. Utilizing steganography, a big
malware code can be encrypted and hidden in a large movie file and then wait for
the fast and small Flash worm to execute it…
I just want to point to the fact that crypto viruses and steganography are relatively
unexplored and unused techniques in malware. We must be ready if such
techniques appear in the future.
2.9 Using Automation software
Malware could use or reconfigure existing process automation software. These
powerful programs can perform quite complex tasks by automating "macro"
processes in a system. 
Let us review the "AutoMate" product by Network Automation, Inc [16]. Here are
the features and capabilities of this product (from the vendor's manuals and web
site):