Enregistré dans:
Détails bibliographiques
Auteurs principaux: Lai, Anthony Cheuk Tung, Kamluk, Vitaly, Ho, Alan, Ke, Ping Fan, Wai, Byron
Format: Preprint
Publié: 2025
Sujets:
Accès en ligne:https://arxiv.org/abs/2502.02335
Tags: Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
_version_ 1866915141247827968
author Lai, Anthony Cheuk Tung
Kamluk, Vitaly
Ho, Alan
Ke, Ping Fan
Wai, Byron
author_facet Lai, Anthony Cheuk Tung
Kamluk, Vitaly
Ho, Alan
Ke, Ping Fan
Wai, Byron
contents Backdoor Malware are installed by an attacker on the victim's server(s) for authorized access. A customized backdoor is weaponized to execute unauthorized system, database and application commands to access the user credentials and confidential digital assets. Recently, we discovered and analyzed a targeted persistent module backdoor in Web Server in an online business company that was undetectable by their deployed Anti-Virus software for a year. This led us to carry out research to detect this specific type of persistent module backdoor installed in Web servers. Other than typical Malware static analysis, we carry out analysis with binary similarity, strings, and command obfuscation over the backdoor, resulting in the Target Attack Backdoor Malware Analysis Matrix (TABMAX) for organizations to detect this sophisticated target attack backdoor instead of a general one which can be detected by Anti-Virus detectors. Our findings show that backdoor malware can be designed with different APIs, commands, strings, and query language on top of preferred libraries used by typical Malware.
format Preprint
id arxiv_https___arxiv_org_abs_2502_02335
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Target Attack Backdoor Malware Analysis and Attribution
Lai, Anthony Cheuk Tung
Kamluk, Vitaly
Ho, Alan
Ke, Ping Fan
Wai, Byron
Cryptography and Security
Backdoor Malware are installed by an attacker on the victim's server(s) for authorized access. A customized backdoor is weaponized to execute unauthorized system, database and application commands to access the user credentials and confidential digital assets. Recently, we discovered and analyzed a targeted persistent module backdoor in Web Server in an online business company that was undetectable by their deployed Anti-Virus software for a year. This led us to carry out research to detect this specific type of persistent module backdoor installed in Web servers. Other than typical Malware static analysis, we carry out analysis with binary similarity, strings, and command obfuscation over the backdoor, resulting in the Target Attack Backdoor Malware Analysis Matrix (TABMAX) for organizations to detect this sophisticated target attack backdoor instead of a general one which can be detected by Anti-Virus detectors. Our findings show that backdoor malware can be designed with different APIs, commands, strings, and query language on top of preferred libraries used by typical Malware.
title Target Attack Backdoor Malware Analysis and Attribution
topic Cryptography and Security
url https://arxiv.org/abs/2502.02335