Malicious traffic analysis
A periodic analysis of network traffic can help detect the presence of any malware-infected hosts on our network. There is no one size fits all approach to analyzing malware traffic as there can be varying factors, such as channel of communication, different signature of the exploits and payloads used, and much more which will affect the approach we take. We will look at the following case study of one of the most popular threats of its time and analyze the traffic generated by it.
Case study – Blackhole exploit kit
An exploit is a piece of code that takes advantage of a vulnerability and an exploit kit is a simply a toolset containing the exploit code and payloads to automate the process of compromising a system, and taking care of the post exploitation job.
Blackhole, an exploit kit, was the most prevalent web threat in the year 2012 and was released on an underground hacking forum, according to Wikipedia.
Note
To understand the functionality of this exploit kit,...