There is clearly no point in spyware gathering information for an adversary without the adversary having the ability to collect it. Colloquially speaking, spyware must somehow “phone home,” transmitting or otherwise exfiltrating information. This chapter examines four aspects of exfiltration: the difference between push- and pull-based approaches; how spyware finds out where “home” is; hiding the fact that information is being leaked; and general defenses against information leaking.
Keywords: Covert Channel; Hide Message; Embed Message; Internet Control Message Protocol; Mother Ship