
Am I missing something or wouldn't the author(s) of Qakbot be able to avoid this attack by cryptographically signing commands and having clients check them?



From https://www.secureworks.com/blog/law-enforcement-takes-down-...

"To interact with infected hosts, the replacement servers required a certificate that can sign messages. It appears that the certificates were obtained and used for good intentions."


It doesn't matter. If you gain access to their servers you can sign the commands yourself.


Depends on where the key is. Command and control servers don't need to have the keys for the commands they are relaying.


I am pretty sure that is not their top priority.



