An Approach to Detect Malware Call-Home Activities

An Approach to Detect Malware Call-Home Activities (PDF, 4.81MB)

Published: 17 Jan, 2014

Created by Tyler (Tianqiang) Cui

It is very common for active malware to call home, either to fetch updates and instructions or to send back stolen information. In an internal network where web access to the Internet must go through a proxy, any traffic that tries to reach the Internet directly, bypassing the proxy, is by default dropped at the gateway firewall; that dropped traffic is a valuable signal for detecting malware call-home activity, since legitimate clients are configured to use the proxy. This paper describes an approach to detect such malware call-home activities by redirecting the otherwise dropped traffic to a sinkhole server in a proxy environment, where the connection attempts can be logged and analyzed.
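The abstract describes redirecting proxy-bypassing traffic to a sinkhole and using it as a detection signal. The following is an added example, not code from the paper or its author, that shows what the analysis side of such a setup could look like: it parses constructed sinkhole log lines in a hypothetical format (timestamp, source, destination, HTTP Host header), discards the traffic that legitimately went to the proxy (the proxy address `10.1.0.5:8080` is an assumption), and reports, per internal host, how many direct-to-Internet attempts were seen, which destinations were contacted, and whether the attempts recur at regular intervals in the beacon-like pattern typical of call-home traffic.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample sinkhole log, in a hypothetical line format:
#   <ISO timestamp> src=<client ip> dst=<ip>:<port> host=<HTTP Host header or '-'>
# 10.1.1.25 contacts the same host every 5 minutes (beacon-like),
# 10.1.1.40 makes two unrelated direct attempts, and
# 10.1.1.50 went through the proxy and should be ignored.
SAMPLE_LOG = """\
2014-01-17T09:00:00 src=10.1.1.25 dst=203.0.113.10:80 host=update.example.net
2014-01-17T09:05:00 src=10.1.1.25 dst=203.0.113.10:80 host=update.example.net
2014-01-17T09:10:00 src=10.1.1.25 dst=203.0.113.10:80 host=update.example.net
2014-01-17T09:15:00 src=10.1.1.25 dst=203.0.113.10:80 host=update.example.net
2014-01-17T09:02:13 src=10.1.1.40 dst=198.51.100.7:443 host=-
2014-01-17T09:31:44 src=10.1.1.40 dst=198.51.100.9:80 host=cdn.example.org
2014-01-17T09:03:00 src=10.1.1.50 dst=10.1.0.5:8080 host=www.example.com
"""

# Assumed address of the corporate web proxy; traffic to it is legitimate.
PROXY_ADDR = "10.1.0.5:8080"

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) host=(?P<host>\S+)$"
)


def parse_log(text):
    """Parse sinkhole log lines into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m.group("ts")),
            "src": m.group("src"),
            "dst": m.group("dst"),
            "host": m.group("host"),
        })
    return events


def summarize(events, proxy=PROXY_ADDR, beacon_min=3, max_jitter=0.2):
    """Group proxy-bypassing attempts by internal source and flag beaconing.

    A source is marked as beaconing when it made at least `beacon_min`
    attempts and the relative spread of its inter-arrival times
    (population stdev / mean) is at most `max_jitter`.
    """
    by_src = defaultdict(list)
    for e in events:
        if e["dst"] == proxy:
            continue  # legitimate proxied request, not a bypass
        by_src[e["src"]].append(e)

    report = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        intervals = [
            (b["ts"] - a["ts"]).total_seconds() for a, b in zip(evs, evs[1:])
        ]
        beaconing = False
        if len(evs) >= beacon_min:
            mean = statistics.mean(intervals)
            spread = statistics.pstdev(intervals)
            beaconing = mean > 0 and (spread / mean) <= max_jitter
        report[src] = {
            "attempts": len(evs),
            "destinations": sorted({e["dst"] for e in evs}),
            "hosts": sorted({e["host"] for e in evs if e["host"] != "-"}),
            "beaconing": beaconing,
        }
    return report


if __name__ == "__main__":
    for src, info in summarize(parse_log(SAMPLE_LOG)).items():
        flag = "BEACONING" if info["beaconing"] else "direct attempt"
        print(f"{src}: {info['attempts']} attempt(s), {flag}, "
              f"dst={info['destinations']}, hosts={info['hosts']}")
```

Every host that appears in this report is by definition misconfigured or infected, since compliant clients only ever talk to the proxy; the beaconing flag merely ranks which ones to look at first. Thresholds such as the 20% jitter bound are assumptions to tune against a site's own traffic.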