
All defense-in-depth strategies monitor for backdoor channels: communication that enables remote command and control over an internal beachhead. We conventionally look for private peer-to-peer pathways to known-bad botnets.
Details from recent cyber incidents paint a different story. Take the banking Trojan discovered late last year targeting South Korean banks, which used Pinterest as the C&C channel. Just last month, the Janicab Trojan was found to use YouTube.
So who is monitoring mainstream social networks for possible backdoor command and control traffic? A simple refinement to use a reputable public content site complicates matters, doesn’t it?
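One way to approach that monitoring, as an added example that is not part of the original post: because destination reputation no longer separates good traffic from bad, the sketch below scores each internal host's requests to reputable content sites by how machine-regular their timing is. The record layout, the watched-domain list (beyond the two sites named above), the thresholds and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumption: reputable content sites to watch. The post names Pinterest and YouTube.
WATCHED = ("pinterest.com", "youtube.com")

T0 = 1_700_000_000  # arbitrary base timestamp for the constructed sample
# Constructed proxy records: (epoch_seconds, internal_host, destination_domain)
SAMPLE_LOG = (
    # Timer-driven check-ins roughly every 300 s with small jitter.
    [(T0 + t, "10.0.0.5", "www.pinterest.com")
     for t in (0, 300, 602, 899, 1201, 1500, 1800)]
    # Bursty, human-looking browsing.
    + [(T0 + t, "10.0.0.9", "www.youtube.com")
       for t in (10, 14, 20, 400, 405, 2000, 2003, 2010)]
    # Regular traffic to a site outside the watch list (ignored here).
    + [(T0 + t, "10.0.0.7", "updates.example.org")
       for t in range(0, 3600, 600)]
    # Too few requests to judge.
    + [(T0 + t, "10.0.0.8", "www.youtube.com") for t in (0, 300, 600)]
)

def watched(domain):
    """True if domain is a watched site or one of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in WATCHED)

def find_beacons(records, min_requests=6, max_jitter=0.1):
    """Return {(host, domain): mean_interval_seconds} for steady traffic."""
    times = defaultdict(list)
    for ts, host, domain in records:
        if watched(domain):
            times[(host, domain)].append(ts)
    flagged = {}
    for key, stamps in times.items():
        if len(stamps) < min_requests:
            continue  # not enough samples to estimate regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: bursty browsing scores high,
        # timer-driven polling scores close to zero.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[key] = round(avg)
    return flagged

if __name__ == "__main__":
    for (host, domain), interval in find_beacons(SAMPLE_LOG).items():
        print(f"{host} -> {domain}: steady ~{interval}s interval, review")
```

A hit is a lead for triage, not a verdict: legitimate embedded players and auto-refreshing pages also poll on timers.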
Note:
Original links are no longer accessible.