
I was wondering how can malware, for example a keylogger, deliver its data without compromising its owner?

Because as soon as you know you got a malicious program running on your computer you could potentially monitor outgoing connection and maybe trace it back to the attacker.

So are there any other methods, like using dummy email to send data or other stuff?

  • There are many ways... see for example [Command & Control](https://en.wikipedia.org/wiki/Botnet#Command_and_control) on Wikipedia. – TripeHound Jun 20 '19 at 08:56

2 Answers


There are many possible ways to retrieve the data harvested, depending on the type of attack (automated / targeted), the intended goal of the attacker and the means available to the attacker. Often, one of these is chosen (this is not an exhaustive list!):

  • Use a Command & Control system that selectively tells the malware what to do and where to send data.
  • Start a service (SSH / httpd / netcat / etc) and dump the data through that.
  • Use a different infected machine as a collection machine.
  • Use a 'zombie network' to have a network collect the data for you.
  • Transmit the data through a side-channel (for example use ultrasound and a listening device / recorder)
  • Use a public 'pastebin' service to directly dump the data in a known location.
  • Abuse a protocol to transmit the data hidden in plain sight (like requesting specific DNS entries that encode the data transmitted)

There are other means but this should give you some idea how diverse (and therefore nigh impossible to monitor) the methods are to transmit data between 2 places covertly (e.g. what a piece of malware and receiver want to do).

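As an added defender-side example (not code from either answer), here is a small Python detector for the DNS method in LvB's list, where data is encoded into the names being looked up: it flags queries whose leftmost label is unusually long or high-entropy, and clients that issue many unique names under a single zone. The resolver log format, the thresholds and the "zone = last two labels" rule are all assumptions made for this example.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log, one "<timestamp> <client> <qname>" per line (not from the page).
# Client 10.0.0.7 issues four unique 32-character hex labels under one zone, the
# pattern a DNS-encoding exfiltration channel leaves behind; 10.0.0.5 is ordinary traffic.
SAMPLE_LOG = """\
2019-06-20T08:56:01 10.0.0.5 www.example.com
2019-06-20T08:56:02 10.0.0.5 mail.example.com
2019-06-20T08:56:03 10.0.0.7 9f3a71c402be88d1e6f05a7c3d2b1904.c1.exfil-demo.test
2019-06-20T08:56:04 10.0.0.7 c0ffee1234abcd5678ef90a1b2c3d4e5.c2.exfil-demo.test
2019-06-20T08:56:05 10.0.0.7 7e1d5c9b3a8f2604d1e7b9c2a5f3e801.c3.exfil-demo.test
2019-06-20T08:56:06 10.0.0.7 02a4c6e8f13579bd2468ace0fb97531d.c4.exfil-demo.test
2019-06-20T08:56:07 10.0.0.5 cdn.example.com
"""

def shannon_entropy(text):
    """Bits per character: ~0 for repetitive labels, up to 4 for hex, up to 5 for base32."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def is_suspicious_qname(qname, max_label=25, max_entropy=3.5):
    """Heuristic: a very long or high-entropy leftmost label suggests encoded payload data."""
    first = qname.rstrip(".").split(".")[0]
    return len(first) > max_label or shannon_entropy(first) > max_entropy

def parse_log(log_text):
    """Yield (client, qname) pairs from the assumed three-field log format."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[1], parts[2].lower()

def flag_queries(log_text):
    """Return the (client, qname) pairs whose names look like encoded data."""
    return [(c, q) for c, q in parse_log(log_text) if is_suspicious_qname(q)]

def noisy_clients(log_text, min_unique=4):
    """Map (client, zone) -> count of unique names, for clients hammering one zone with
    many distinct names. Zone is assumed to be the last two labels (a simplification)."""
    seen = defaultdict(set)
    for client, qname in parse_log(log_text):
        zone = ".".join(qname.split(".")[-2:])
        seen[(client, zone)].add(qname)
    return {key: len(names) for key, names in seen.items() if len(names) >= min_unique}

if __name__ == "__main__":
    for client, qname in flag_queries(SAMPLE_LOG):
        print("suspicious label:", client, qname)
    for (client, zone), count in noisy_clients(SAMPLE_LOG).items():
        print("many unique names:", client, zone, count)
```

In production the two heuristics are best combined with a baseline of normal query volume per zone, since CDNs and some security products also generate long, random-looking labels.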

I think all you could know from such an attack (if the attacker is somewhat skilled) is that there's some connection outgoing that you potentially wouldn't want.

There are many ways an attacker can receive data and still remain anonymous; here are some examples:

Also see LvB's answer for more information.

  • But if you use a VPN or go through Tor you would have to specify the receiver address somewhere, and it might not be safe if your malware gets reverse engineered? – Jico Jun 20 '19 at 09:35
  • Not necessarily, for example you could reverse engineer the software and know which node is the first in the Tor network (the malware would send the data directly to this node) but not which node is the endpoint (the attacker). – AleksanderCH Jun 20 '19 at 09:49