Newly Discovered Malware ‘Pingback’ Communicates By Using Windows ICMP Protocol

Earlier this month, researchers discovered a new piece of malware that they are calling ‘Pingback’. It uses a number of tricks to escape detection on the computers it infects. Pingback was designed to target Windows computers, and it uses Internet Control Message Protocol (ICMP) packets to communicate covertly.

How Does Pingback Gain Access to the System?

The Pingback malware is a simple 66kb file named “oci.dll”, and it infects the device using a method known as DLL hijacking. The malware pretends to be part of a legitimate patch, but it is in fact a malicious program that is somehow dropped into the System folder of the OS. Pingback’s name comes from the famous “ping” command, which is built on ICMP.

Researchers discovered that Pingback gets loaded with the help of MSDTC (Microsoft Distributed Transaction Coordinator), a software component that is in charge of database operations. The cyber criminals use DLL hijacking so that the legitimate MSDTC component loads the malicious DLL file. Once it is running on the system, the malware uses ICMP for all communication with its origin point.

How Does Pingback Leverage ICMP?

Pingback uses ICMP message requests to relay data to and from its point of origin. In Pingback’s ICMP traffic, the message codes 1234, 1235 and 1236 each carry a different meaning, and the malware uses combinations of these codes to receive and execute commands. Researchers found that the malware is capable of running shell commands, carrying out file transfers and executing payloads.
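One way to spot the signaling described above on captured traffic, added here as an example and not taken from the researchers or the original article: the code parses ICMP messages and flags echo requests that carry 1234, 1235 or 1236. It assumes those values travel in the echo request's sequence-number field, which the article does not state; the function names and sample packets are constructed for illustration.

```python
import struct

# Values the article lists as Pingback's "message codes". Assumption: they are
# carried in the 16-bit sequence-number field of an ICMP echo request.
PINGBACK_VALUES = {1234, 1235, 1236}
ICMP_ECHO_REQUEST = 8

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Build a constructed ICMP echo request for the sample data below."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload

def inspect_icmp(message: bytes):
    """Return a finding string for a suspicious echo request, else None."""
    if len(message) < 8:
        return None  # truncated: no complete ICMP header to parse
    msg_type, code, _csum, ident, seq = struct.unpack("!BBHHH", message[:8])
    if msg_type != ICMP_ECHO_REQUEST or code != 0:
        return None
    if icmp_checksum(message) != 0:
        return None  # corrupted message; a receiving stack would drop it
    if seq in PINGBACK_VALUES:
        return f"echo request id={ident} seq={seq} payload={len(message) - 8}B"
    return None

# Constructed sample traffic (not captured from a real infection).
SAMPLES = [
    build_echo_request(1, 1, b"abcdefghijklmnopqrstuvwabcdefghi"),  # default Windows ping
    build_echo_request(1, 1234, b"\x00" * 64),
    build_echo_request(1, 1235, b"\x00" * 64),
    build_echo_request(1, 1236, b"\x00" * 64),
    b"\x08\x00\x00",  # truncated message
]
FINDINGS = [f for f in map(inspect_icmp, SAMPLES) if f]

if __name__ == "__main__":
    for finding in FINDINGS:
        print("ALERT:", finding)
```

A long-running ordinary ping also passes through these sequence numbers, so treat a hit as a lead to correlate with the sending host and the payload, not as proof of infection.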

How to Protect The System From This Pingback Malware?

  • First of all, update the antivirus or firewall that you are using to its latest version. This helps keep the Pingback file from passing unseen and undetected into your network or system.
  • Download a VPN like internetetsecurite to protect your data while you are using public Wi-Fi. Cyber criminals use man-in-the-middle attacks to gain access to data illegally.
  • Last of all, practice caution and scan all your incoming files.

Final Thoughts

This is all you need to know about the recently discovered Pingback malware. Thanks to the efforts of the researchers, you can protect yourselves properly.