BSidesSF 2018

Cybercriminals deploy crimeware for conducting nefarious operations on the Internet. Crimeware is managed on a large scale through deployment of centralized portals known as Command and Control (C&C) panels. C&C panels are considered as attackers’ primary operating environment through which crimewave is controlled and updated at regular intervals of time. C&C panels also store information stolen from the compromised machines as a part of the data exfiltration activity. This empirical study highlights
the analysis of thousands of real world C&C web Uniform Resource Locators (URLs) used for deployment of Crimeware such as botnets, key-loggers, ransomware, Point-of-Sales (PoS) malware, etc., to unearth the characteristics of HTTP-based C&C panels. This study gives a statistical view on design and technologies opted by the crimeware authors to deploy HTTP-based C&C panels.