The April issue of Hakin9 Mobile Security is out. This month’s magazine features the article “Cisco IOS Rootkits and Malware: A practical guide” by Jason Nehrboss:
Propagating the worm code into a new router can either be quite easy, difficult, or impossible. There are many variations of supported IOS code and hardware platforms. The author discusses the use of and demonstrates an IOS Embedded Event Manager rootkit and worm. When a router is infected it can be leveraged into a powerful malware platform. Capabilities demonstrated are network packet captures, reverse shell connections, a spam module, and a mini malware httpd server leveraged with IP address hijacking. In this article you will learn how to exploit critical network devices and the network traffic traversing these devices, and act as a launch point for further attacks into a network. You will also learn about a self-replicating IOS worm with stealth features and self-defense mechanisms, all with platform-independent code.
Also in this issue, Craig Wright continues his excellent series on exploit creation. This month’s article is entitled “Taking control, Functions to DLL injection”:
DLL injection is one of the most common methods used by malware such as a rootkit to load itself into the host’s privileged processes. Once injected, code can be inserted into functions being transmitted between the compromised code and a library function. This step is frequently followed with API hooking, where the malicious code is used to vary the library function calls and returns. This article is part of a monthly series designed to take the reader from a novice to being able to create and deploy their own shellcode and exploits. With this knowledge, you will learn just how easy it is for sophisticated attackers to create code that can bypass many security tools. Moreover, armed with this knowledge you will have the ability to reverse engineer attack code and even malware, allowing you to determine what the attacker was intending to launch against your system.
Other articles include:
- Deceiving Networks Defenses with Nmap Camouflaged Scanning, by Roberto Saia
- Exploiting Software, by Swetha Dabbara
- Cross Site Request Forgery – Session Riding, by Miroslav Ludvik and Michal Srnec
- Data Logging with Syslog: A troubleshooting and auditing mechanism, by Abdy Martinez
- Social Engineering – New Era of Corporate Espionage, by Amar Suhas