VoIP and PBX Security and Forensics by Iosif I. Androulidakis

Author:Iosif I. Androulidakis
Language: eng
Format: epub
Publisher: Springer International Publishing, Cham

3.16.8 Activate the Payload

The “payload” of the malware is the part of it that performs the malicious action. In the case of the PBX malware we are discussing that payload can have different forms, affecting confidentiality, integrity, and availability as we have seen throughout the book.

3.16.9 Delete Itself and Logs

Having already infiltrated new targets and having activated its payload in the current target, the malware would try to cover its track by deleting itself and the logs associated with its actions. It could even proceed to full wiping of the O/S of the target. It must be noted at this point that records in call logs are registered after a call ends, since they have to contain information about the duration of the call. In the case where the malware has propagated with a modem dial up call, it is impossible to delete the record that points to the number of the previous PBX that infected the present one. This is particularly important in low end PBXs that do not offer advanced O/S functionality such as time scheduled jobs (like UNIX cron tables). In such PBXs the malware has to call the target many times, each time deleting the logs associated with its previous functionality. Still, however, the last call will remain logged, unless the malware proceeds to a full wipe and crash-shut down of the PBX. As a side note, this paragraph reinforces the importance of having external logging platforms, independent of the PBX itself that regularly can be backed up.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.