Evading wireshark!

Lyecdevf
cyber Idi Amin
Posts: 1222
Joined: 16 Mar 2006, 17:00
Location: In between life and death.


Post by Lyecdevf »

I am not working on a project where I would infect several of my virtual Windows machines with malware, but how could I monitor what goes through if some malware can evade detection? I have read the following:
Mebroot can then steal any information it likes and send it to a remote server via HTTP. Network analysis tools such as Wireshark won't notice the data leaking out since Mebroot hides the traffic, Erasmus said.

I have myself seen RATs with a checkbox for evading Wireshark. So what do you think could be done?
We will either find a way, or make one.
- Hannibal

DNR
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
Location: Michigan USA

Post by DNR »

The most common way to defeat sniffing is to encrypt the traffic: you can't read the results.
You can also hide it inside legitimate traffic, but I uploaded a Wireshark pcap file that shows how you can still read into the hidden traffic inside the legitimate traffic.

Encryption can hide your results, but it is still not easy to hide the sender or recipient from a skilled forensic sniffer. You still need a 'to:' and 'from:' to complete delivery of the messages.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
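DNR's point that encryption hides the contents but not the sender and recipient can be shown on a capture: the IPv4 and TCP headers that deliver a packet are never encrypted by the payload's cipher, so an analyst reading the frames still gets the endpoints, ports, packet counts and sizes. The following Python is an added example written for this thread, not code posted by either participant. It constructs a few Ethernet/IPv4/TCP frames by hand (addresses from the RFC 5737 documentation ranges, opaque bytes standing in for ciphertext), parses only the headers, and summarises the flows; the summary is the same whether the payload is readable or not.

```python
"""Flow-metadata summary over constructed Ethernet/IPv4/TCP frames.

Added example for this thread, not code posted by DNR or Lyecdevf. It
illustrates DNR's point: encryption hides the payload, but the IP and TCP
headers that deliver it (the 'to:' and 'from:') stay in the clear, so an
analyst looking at a capture still sees who talked to whom, how often and
how much. All addresses are RFC 5737 documentation ranges and all frames
are constructed here; the opaque payloads stand in for ciphertext.
"""
import struct
from collections import defaultdict

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Construct a minimal Ethernet/IPv4/TCP frame (test data only; checksums left zero)."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, total_len, 0, 0, 64, IPPROTO_TCP, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    # Data offset 5 words (0x50), flags PSH|ACK (0x18), no options.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Return header metadata of an IPv4/TCP frame without reading any payload byte."""
    if len(frame) < ETH_HDR_LEN + 20:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    if ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    (total_len,) = struct.unpack("!H", ip[2:4])
    proto = ip[9]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    if proto != IPPROTO_TCP or len(ip) < ihl + 20:
        # Non-TCP or truncated: endpoints are still visible, ports are not.
        return {"src": src, "dst": dst, "sport": None, "dport": None,
                "payload_len": total_len - ihl}
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "payload_len": total_len - ihl - data_off}


def summarize_flows(frames):
    """Group frames by (src, dst, dport); count packets and payload bytes per flow."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for frame in frames:
        meta = parse_frame(frame)
        if meta is None:
            continue
        key = (meta["src"], meta["dst"], meta["dport"])
        flows[key]["packets"] += 1
        flows[key]["bytes"] += meta["payload_len"]
    return dict(flows)


# Constructed sample: three opaque (ciphertext-like) uploads to one host on 443,
# and one plaintext HTTP request to another host.
SAMPLE_FRAMES = [
    build_frame("192.0.2.10", "203.0.113.5", 49152, 443, b"\xa7\x1c" * 24),
    build_frame("192.0.2.10", "203.0.113.5", 49153, 443, bytes(range(64))),
    build_frame("192.0.2.10", "203.0.113.5", 49154, 443, b"\x13\xe0" * 24),
    build_frame("192.0.2.10", "198.51.100.7", 49155, 80,
                b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

if __name__ == "__main__":
    for (src, dst, dport), stats in sorted(summarize_flows(SAMPLE_FRAMES).items()):
        print(f"{src} -> {dst}:{dport}  packets={stats['packets']}  bytes={stats['bytes']}")
```

The parser deliberately stops at the TCP header: nothing in the summary depends on whether the payload is cleartext HTTP or unreadable bytes, which is exactly why repeated small uploads to one external host stand out in flow metadata even when the contents cannot be read.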
