Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On January 10, 2017

January 6, SecurityWeek – (International) New “Ghost Host” technique boosts botnet resiliency. Cyren security researchers reported that malware developers have started leveraging a new technique, dubbed ghost host, which fools Web security and Uniform Resource Locator (URL) filtering systems by inserting non-malicious host names that are both registered and unregistered into the Hypertext Transfer Protocol (HTTP) host fields of a botnet’s communications, in order to guarantee communication with the command and control (C&C) server is not blocked by security systems. The botnet operator can also manipulate the server to respond differently when messages using different ghost host names are received, including commanding the botnet to download a specific type of malware onto a device.  Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.