A few weeks ago, our FortiGuard Labs Threat Intelligence system discovered some new suspicious samples as usual. One of these samples caught our attention when we checked its network traffic.
For this particular sample, which Fortinet already detects as W32/Foreign.LXES!tr, we found that most of its communication carries the HTTP/1.1 404 Not Found status, which would normally mean that an error has occurred. But when we analysed the data further, we realized that it was actually a special trick.
Hiding Malicious Traffic Under the HTTP 404 Error | Fortinet Blog