How does malware get to communicate with their server undetected? – Digitalmunition





This topic contains 1 reply, has 2 voices, and was last updated by  grublets 1 month ago.

  • #320920

    anonymous
    Participant

    If there is malware on my computer that is communicating with a hacker’s server, they don’t normally open a port on my firewall; they would piggyback on an already open port. That is my understanding.

    But if they go through a normal port like 443 and their server is on some random port ##, then how does my router, or how does their server, change the 443 listen to port ## listen? If you get what I’m saying.

  • #320921

    grublets

    They’ll send out stuff on common ports. Outgoing to TCP 443 in an attempt to avoid detection by being lost in the “crowd” of HTTPS traffic.

    Some have used small UDP 53 messages trying to look like DNS traffic.

    There’s no shortage of ways to try.
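
From the defender's side, both behaviours mentioned in this reply (blending into outbound TCP 443 and sending small UDP 53 messages) can be hunted for in flow logs. The following is an added example, not part of the original posts; the flow-record format, the addresses, the approved-resolver list and the thresholds are all constructed assumptions.

```python
import statistics
from collections import defaultdict

# Constructed flow records: epoch_seconds src dst proto dst_port bytes_out
SAMPLE_FLOWS = """\
1000 10.0.0.5 192.0.2.10 tcp 443 512
1060 10.0.0.5 192.0.2.10 tcp 443 498
1120 10.0.0.5 192.0.2.10 tcp 443 505
1181 10.0.0.5 192.0.2.10 tcp 443 510
1240 10.0.0.5 192.0.2.10 tcp 443 501
1003 10.0.0.7 198.51.100.20 tcp 443 18000
1019 10.0.0.7 198.51.100.20 tcp 443 900
1400 10.0.0.7 198.51.100.20 tcp 443 42000
1950 10.0.0.7 198.51.100.20 tcp 443 300
2000 10.0.0.7 198.51.100.20 tcp 443 7000
1005 10.0.0.5 10.0.0.1 udp 53 60
1010 10.0.0.9 203.0.113.53 udp 53 72
"""
APPROVED_RESOLVERS = {"10.0.0.1"}  # assumption: the only DNS server clients should use

def parse(text):
    """Turn whitespace-separated flow lines into typed tuples."""
    for line in text.splitlines():
        ts, src, dst, proto, dport, nbytes = line.split()
        yield int(ts), src, dst, proto, int(dport), int(nbytes)

def rogue_dns(flows, resolvers=APPROVED_RESOLVERS):
    """(src, dst) pairs sending UDP 53 to anything but an approved resolver."""
    return sorted({(src, dst) for _, src, dst, proto, dport, _ in flows
                   if proto == "udp" and dport == 53 and dst not in resolvers})

def beacons(flows, min_conns=5, max_cv=0.1):
    """(src, dst) pairs whose TCP 443 connections recur at near-constant intervals."""
    times = defaultdict(list)
    for ts, src, dst, proto, dport, _ in flows:
        if proto == "tcp" and dport == 443:
            times[(src, dst)].append(ts)
    hits = []
    for pair, seen in times.items():
        if len(seen) < max(min_conns, 3):
            continue
        seen.sort()
        gaps = [b - a for a, b in zip(seen, seen[1:])]
        mean = statistics.mean(gaps)
        # Coefficient of variation: low jitter relative to the interval looks scripted.
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            hits.append(pair)
    return sorted(hits)
```

On the constructed sample, `rogue_dns` flags 10.0.0.9 talking to 203.0.113.53 and `beacons` flags 10.0.0.5 connecting to 192.0.2.10 roughly every 60 seconds. Real traffic needs tuning, since legitimate software also polls on a timer.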

  • #320922

    xCryptoPandax

    Think of it like this: say you have a vulnerable SSH server (port 22) and they sign in as root. They can spin up an Apache web server on port 8080 and throw your files on there to download from their computer.

    Just because they get in one way doesn’t mean they go out the same.
