
Introducing Maltese: An Open Source Malware Traffic Emulator

SasiSiddharth

Malware and botnets rely on DNS to communicate with their command and control servers. As such, recent malware detection systems attempt to detect anomalies in DNS request patterns. These systems claim to work as a catch-all for any malware that abuses the DNS system. But are these systems actually effective? Before deploying any malware detector, or when new malware is on the rise, enterprises should evaluate the effectiveness of such detectors.

One way of testing the effectiveness is to run real malware samples and check whether they are detected. However, this is infeasible in a production network, as there is always a risk that the malware might cause damage. Furthermore, malware samples often do not execute on demand, which makes the testing difficult.

Today, we offer Maltese, a Malware Traffic Emulator that allows you to generate malicious-looking traffic in order to test the effectiveness of malware detector solutions, with the current release focusing on DNS traffic. Released at Black Hat 2016, the tool allows you to emulate the DNS traffic patterns of a given malware family, inject them into a network, and observe whether the malware detector reports an infection. The injected traffic is completely benign and, therefore, testing poses no risk to the network. The generation of DNS traffic patterns can be based on individual research or on information published by various members of the security community.

Currently, security practitioners resort to one-off scripts or hacked-together environments to satisfy this testing need. These one-offs often start from a list of generated domains, a network packet capture (PCAP) of the malicious traffic, or a Domain Generation Algorithm (DGA). Our tool enables security professionals to use any of these three artifacts in an easy, quick, and configurable manner to generate DNS traffic patterns.
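To make the three-artifact idea concrete, here is an added example (not Maltese's own code) of the normalizing core such an emulator needs: each artifact type becomes one timed query schedule, and each query is encoded as a standard DNS wire-format packet that a detector on the wire would see. The hash-based DGA, the `.example` domains and the capture records are constructed for illustration, and the PCAP is assumed to have already been parsed into (timestamp, name) pairs by another component.

```python
"""Minimal DNS-pattern emulator core (added example, not Maltese's code)."""
import hashlib
import struct
from typing import Callable, Iterable, List, Tuple

Event = Tuple[float, str]  # (seconds from start, query name)


def build_dns_query(qname: str, txid: int = 0x1234) -> bytes:
    """Encode a standard A-record query (RFC 1035): header, QNAME labels, QTYPE, QCLASS."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)


def from_domain_list(domains: Iterable[str], interval: float) -> List[Event]:
    """Artifact 1: a fixed domain list, queried at a constant interval (beaconing)."""
    return [(i * interval, d) for i, d in enumerate(domains)]


def from_capture(records: Iterable[Tuple[float, str]]) -> List[Event]:
    """Artifact 2: (timestamp, qname) pairs assumed to be extracted from a PCAP by a
    separate packet parser; the capture's inter-arrival timing is preserved."""
    recs = sorted(records)
    t0 = recs[0][0] if recs else 0.0
    return [(t - t0, q) for t, q in recs]


def from_dga(dga: Callable[[int], str], count: int, interval: float) -> List[Event]:
    """Artifact 3: a DGA callable returning the i-th generated domain."""
    return [(i * interval, dga(i)) for i in range(count)]


def sample_dga(index: int, seed: str = "constructed-seed") -> str:
    """Constructed hash-based DGA for illustration only (not any real family's algorithm);
    names land under the reserved .example TLD, so the emitted traffic stays benign."""
    digest = hashlib.sha256(f"{seed}:{index}".encode()).hexdigest()
    return f"{digest[:12]}.example"


def emulate(events: List[Event]) -> List[Tuple[float, bytes]]:
    """Turn a normalized schedule into (send_offset, packet) pairs for a UDP sender.
    Sending is left out so this runs offline; each packet is a complete DNS query."""
    return [(t, build_dns_query(q, txid=(i + 1) & 0xFFFF))
            for i, (t, q) in enumerate(events)]


if __name__ == "__main__":
    for offset, pkt in emulate(from_dga(sample_dga, 3, 2.0)):
        print(f"t+{offset:5.1f}s  {len(pkt):2d} bytes  {pkt.hex()}")
```

Whichever artifact the schedule came from, the detector under test only ever sees ordinary DNS lookups, which is what makes the injection safe to run in a production network.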

Download the tool and play around with it in your environment. Testing the veracity of manufacturers' claims can be a difficult task. With Maltese, one piece just got a bit easier.
