Attackers get sneakier with encripted malware.

http://tech.ca.msn.com/attackers-get-sneakier-with-encrypted-malware

 

I don't really get this. They still need a decryption script and that would still have to be run.

I guess it's useful as a payload.

 

Indeed!

The article is a summary of the original analysis by Kaspersky Labs via securelist.com. The Comments section in that analysis reveals some rather pertinent details:

Steganography or encryption in bankers?
http://www.securelist.com/en/blog/208193235/Steganography_or_encryption_in_bankers

And answered by the author:

So, not only is a decryption script necessary, but it's executed via a binary executable (EXE).

While interesting, the analysis is, unfortunately, all too common in omitting full details of the attack vector and intermediate steps contained in the exploit, all of which are necessary for the reader to make a judgment as to how to prevent such an attack from succeeding.


----
rich

 

The article is a little confusing as it comes across like this is something new, of course it is not, although, apparently in Latin America.

 

Hiding the payload in an image is new.

 

Some References from past discussions:

malware enbeded in .jpg, .doc
August 26th, 2009, 03:55 AM
https://www.wilderssecurity.com/showpost.php?p=1531023&postcount=16

https://www.wilderssecurity.com/showpost.php?p=1531049&postcount=24

https://www.wilderssecurity.com/showpost.php?p=1531052&postcount=27

----------------------------------

Malware in a bottle
4 May, 2010
http://wirewatcher.wordpress.com/2010/05/04/malware-in-a-bottle/

----
rich

 

Hm. I'd never seen a file actually compressed as an image format.

 

I have. It's very interesting. I've seen where you can actually hide things in a forum avatar to pass secret messages.