all InfoSec news
The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses
Malware Analysis, News and Indicators - Latest topics malware.news
Authored by Margit Hazenbroek
At Fox-IT (part of NCC Group) identifying servers that host nefarious activities is a critical aspect of our threat intelligence. One approach involves looking for anomalies in responses of HTTP servers. Sometimes cybercriminals that host malicious servers employ tactics that involve mimicking the responses of legitimate software to evade detection. However, a common pitfall of these malicious actors are typos, which we use as unique fingerprints to identify such servers. For example, we have used a …
aspect critical cybercriminals fox fox-it host http intelligence malicious ncc ncc group police servers tactics threat threat intelligence typos