Targeted attacks: From being a victim to counter attacking

This paper is an analysis of a common sort of targeted attack per-formed nowadays against many organizations.As it turns out,publicly available remote administration tools (which we usually call trojans) are frequently used to maintain control over the victim after a success-ful penetration. The paper does not focus on particular exploitation techniques used in these attacks. Instead, it aims to get a closer look at one of such trojans. First chapters describe a way to gure out which trojan has been used. The following chapters describe in brief the architecture, capabilities and techniques employed by developers of the identi ed trojan, including mechanisms to hide its presence in the system, and to cover its network trace. The paper presents all the techniques used to perform the analysis. In the nal chapters,a quick vulnerability analysis has been performed to show that such intruders could also be an object of an attack. . .

Download PDF