Go Back Xossip > Technology> Computers, Gadgets & Gizmos > Microsoft finds Trojan that hides files to evade analysis

Thread Tools Search this Thread
Old 22nd April 2013
screwman_2 screwman_2 is offline
veni, vidi, vici
Visit my website
Join Date: 24th April 2009
Location: Jahapanah Of Screw
Posts: 24,463
Rep Power: 60 Points: 32609
screwman_2 has hacked the reps databasescrewman_2 has hacked the reps databasescrewman_2 has hacked the reps databasescrewman_2 has hacked the reps databasescrewman_2 has hacked the reps databasescrewman_2 has hacked the reps databasescrewman_2 has hacked the reps database
UL: 34.25 gb DL: 132.18 gb Ratio: 0.26
Lightbulb Microsoft finds Trojan that hides files to evade analysis

Microsoft finds Trojan that hides files to evade analysisWin32/Nemim.gen.A highlights sophisticated techniques used to protect malware as a kind of intellectual property

April 17, 2013 CSO Microsoft has discovered an unusually stealthy Trojan capable of deleting files it downloads in order to keep them away from forensics investigators and researchers.

The Trojan downloader, called Win32/Nemim.gen.A, is the latest example of how malware writers are using sophisticated techniques to protect their own trade secrets. The Trojan essentially makes downloaded component files irrecoverable, so they cannot be isolated and analyzed.

"During analysis of the downloader, we may not easily find any downloaded component files on the system," Jonathan San Jose, a member of Microsoft's Malware Protection Center, said in a blog post. "Even when using file recovery tools, we may see somewhat suspicious deleted file names but we may be unable to recover the correct content of the file."

Microsoft managed to grab some components as they were being downloaded from a remote server. The malware's two purposes was to infect executable files in removable drives, and to unleash a password stealer to snatch credentials from email accounts, Windows Messenger/Live Messenger, Gmail Notifier, Google Desktop and Google Talk.

Typically, downloaders' only job is to deliver the core malware. In this case, the downloader delivered the malware and continued to be an integral part of the operation.

In general, malware has become better at remaining under the radar. Some of the stealthiest malware is used in advanced persistent threats (APTs) targeted at specific organizations.

[Also see: Call for help on Gauss highlights new malware era | Advanced persistent threat can be beaten, says expert]

"Malware that covers its tracks to prevent the security community from developing quick defensive signatures is the norm today," said Paul Henry, a forensic analyst for Lumension.

For sometime, criminals have developed malware that can sense when it is in a virtualized workstation commonly used by researchers to isolate and study malicious code. When it is in such an environment, the malware will enter a dormant state, so it cannot be easily discovered.

Other malware inserts its malicious code in system memory, never leaving a trail in the infected computer's registry or hard drive, Henry said.

"Your grandfather's security solutions will leave you utterly defenseless against today's evolving threats," he said.

Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.


Reply With Quote
Old 22nd April 2013
Suzane007's Avatar
Suzane007 Suzane007 is offline
Someday I'll be Your Boss
Visit my website
  Moderator: Moderator of some forums      
Join Date: 27th June 2011
Location: Island of Time
Posts: 55,272
Rep Power: 111 Points: 70116
Suzane007 has hacked the reps databaseSuzane007 has hacked the reps databaseSuzane007 has hacked the reps database
Send a message via Yahoo to Suzane007 Send a message via Skype™ to Suzane007
UL: 21.98 mb DL: 1.79 gb Ratio: 0.01
Nice Info.
N.B.All the pics posted by me have been downloaded from the internet.Credit goes to the original uploaders.Anyone having any complaint against any pics please don't request me to remove them unless & until they violate the rules of eXBii.Once its on the net, its everywhere.Just like virginity;once lost, its lost forever.

Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

All times are GMT +5.5. The time now is 12:13 PM.
Page generated in 0.01403 seconds