404


A few weeks ago, our FortiGuard Labs Threat Intelligence system discovered some new suspicious samples as usual. One of these samples caught our attention when we checked its network traffic. For this particular sample, which Fortinet already detects as W32/Foreign.LXES!tr, we found that most of its communication has the HTTP/1.1 404 Not Found status, which should mean that some error has occurred generally. But when we analysed the data further, we realized that it was actually a special trick. The Ping & Pong Commands When it first... [Read More]
by RSS He Xu  |  Apr 09, 2015  |  Filed in: Security Research