Malware that evades blocking systems and getting into BSD for the first time.

Plus a fresh round up, your questions & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

• HD Video
• Mobile Video
• MP3 Audio
• OGG Audio
• YouTube
• HD Torrent
• Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Malware authors have found a way to evade URL-blocking systems by swapping bad domain names with unknown ones

• Malware is often hosted on pop-up domains (bought specifically for the purpose, and with very odd names). Othertimes, it is resident on compromised hosts (PYS!). As such hosting locations/domains are discovered, they are added to blacklists.
• The criminals have yet anotherfound a way to avoid the blacklists – spoofing
• Spoofing is not knew: think of it as pretending to be someone else.
• What seems to be new is deception in the TCP packets, or more specifcally, the TCP headers.
• For some time now URL filtering techniques have provided a fairly reliable way for organizations to block traffic into their network from domains that are known to be malicious. But as with almost every defense mechanism, threat actors appear to have found a way around that as well.
• Security researchers from Cyren are warning about a new tactic for fooling Web security and URL–filtering systems. The technique, which Cyren has dubbed “Ghost Host,” is designed to evade host and domain blacklists by swapping bad domain names and inserting random, non-malicious host names in the HTTP host field instead.
• The objective is to evade host and domain blacklists by resetting the host name with a benign one, even when the actual connection is to a malicious command and control IP, according to a Cyren blog post today.
• “Ghost hosts are unknown or known-benign host names used by malware for evading host and URL blacklists,” says Geffen Tzur, a security researcher at Cyren.
• Tzur says there have been no previously reported incidents he knows of where malware actors have attempted to fool detection systems by inserting benign names in the HTTP host field.

Feedback:

• @TechSNAP_Dan How’d you first get into BSD?
  • Why I wanted FreeBSD before I knew it existed
  • How I found FreeBSD
  • The installation

Round Up:

• Android Was 2016’s Most Vulnerable Product
• FTC issues the IoT security challenge. Design the best service or device to manage the security of various IoT devices in a home, and win the $25,000 prize
• Ultrasound Tracking Could Be Used to Deanonymize Tor Users