January 6, SecurityWeek – (International) New “Ghost Host” technique boosts botnet resiliency. Cyren security researchers reported that malware developers have started leveraging a new technique, dubbed ghost host, which fools Web security and Uniform Resource Locator (URL) filtering systems by inserting non-malicious host names that are both registered and unregistered into the Hypertext Transfer Protocol (HTTP) host fields of a botnet’s communications, in order to guarantee communication with the command and control (C&C) server is not blocked by security systems. The botnet operator can also manipulate the server to respond differently when messages using different ghost host names are received, including commanding the botnet to download a specific type of malware onto a device. Source
Above Reprinted from the USDHS Daily Open Source Infrastructure Report