Xossip

Go Back Xossip > Technology> Computers, Gadgets & Gizmos > Microsoft finds Trojan that hides files to evade analysis

Reply
 
Thread Tools Search this Thread
  #1  
Old 22nd April 2013
screwman_2 screwman_2 is offline
veni, vidi, vici
Visit my website
 
Join Date: 24th April 2009
Location: Jahapanah Of Screw
Posts: 24,835
Rep Power: 62 Points: 33536
screwman_2 has hacked the reps databasescrewman_2 has hacked the reps databasescrewman_2 has hacked the reps databasescrewman_2 has hacked the reps databasescrewman_2 has hacked the reps databasescrewman_2 has hacked the reps databasescrewman_2 has hacked the reps databasescrewman_2 has hacked the reps databasescrewman_2 has hacked the reps databasescrewman_2 has hacked the reps databasescrewman_2 has hacked the reps database
UL: 34.25 gb DL: 132.18 gb Ratio: 0.26
Lightbulb Microsoft finds Trojan that hides files to evade analysis

Microsoft finds Trojan that hides files to evade analysisWin32/Nemim.gen.A highlights sophisticated techniques used to protect malware as a kind of intellectual property

April 17, 2013 CSO Microsoft has discovered an unusually stealthy Trojan capable of deleting files it downloads in order to keep them away from forensics investigators and researchers.

The Trojan downloader, called Win32/Nemim.gen.A, is the latest example of how malware writers are using sophisticated techniques to protect their own trade secrets. The Trojan essentially makes downloaded component files irrecoverable, so they cannot be isolated and analyzed.


"During analysis of the downloader, we may not easily find any downloaded component files on the system," Jonathan San Jose, a member of Microsoft's Malware Protection Center, said in a blog post. "Even when using file recovery tools, we may see somewhat suspicious deleted file names but we may be unable to recover the correct content of the file."


Microsoft managed to grab some components as they were being downloaded from a remote server. The malware's two purposes was to infect executable files in removable drives, and to unleash a password stealer to snatch credentials from email accounts, Windows Messenger/Live Messenger, Gmail Notifier, Google Desktop and Google Talk.


Typically, downloaders' only job is to deliver the core malware. In this case, the downloader delivered the malware and continued to be an integral part of the operation.


In general, malware has become better at remaining under the radar. Some of the stealthiest malware is used in advanced persistent threats (APTs) targeted at specific organizations.

[Also see: Call for help on Gauss highlights new malware era | Advanced persistent threat can be beaten, says expert]


"Malware that covers its tracks to prevent the security community from developing quick defensive signatures is the norm today," said Paul Henry, a forensic analyst for Lumension.


For sometime, criminals have developed malware that can sense when it is in a virtualized workstation commonly used by researchers to isolate and study malicious code. When it is in such an environment, the malware will enter a dormant state, so it cannot be easily discovered.


Other malware inserts its malicious code in system memory, never leaving a trail in the infected computer's registry or hard drive, Henry said.


"Your grandfather's security solutions will leave you utterly defenseless against today's evolving threats," he said.

Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.


s

Reply With Quote
  #2  
Old 22nd April 2013
Suzane007's Avatar
Suzane007 Suzane007 is offline
Someday I'll be Your Boss
Visit my website
  Moderator: Moderator of some forums      
Join Date: 27th June 2011
Location: Island of Time
Posts: 66,538
Rep Power: 135 Points: 85725
Suzane007 has hacked the reps databaseSuzane007 has hacked the reps databaseSuzane007 has hacked the reps databaseSuzane007 has hacked the reps databaseSuzane007 has hacked the reps databaseSuzane007 has hacked the reps databaseSuzane007 has hacked the reps databaseSuzane007 has hacked the reps databaseSuzane007 has hacked the reps databaseSuzane007 has hacked the reps databaseSuzane007 has hacked the reps databaseSuzane007 has hacked the reps databaseSuzane007 has hacked the reps databaseSuzane007 has hacked the reps database
Send a message via Yahoo to Suzane007 Send a message via Skype™ to Suzane007
UL: 21.98 mb DL: 1.79 gb Ratio: 0.01
Nice Info.
______________________________
N.B.All the pics posted by me have been downloaded from the internet.Credit goes to the original uploaders.Anyone having any complaint against any pics please don't request me to remove them unless & until they violate the rules of Xossip.Once its on the net, its everywhere.Just like virginity;once lost, its lost forever.

Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT +5.5. The time now is 11:29 AM.
Page generated in 0.01443 seconds