Attackers get sneakier with encrypted malware.

Discussion in 'malware problems & news' started by The Hammer, Nov 15, 2011.

Thread Status:
Not open for further replies.
  1. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I don't really get this. They still need a decryption script and that would still have to be run.

    I guess it's useful as a payload.
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Indeed!

    The article is a summary of the original analysis by Kaspersky Labs via securelist.com. The Comments section in that analysis reveals some rather pertinent details:

    Steganography or encryption in bankers?
    http://www.securelist.com/en/blog/208193235/Steganography_or_encryption_in_bankers

    And answered by the author:

    So, not only is a decryption script necessary, but it's executed via a binary executable (EXE).

    While interesting, the analysis is, unfortunately, all too common in omitting full details of the attack vector and intermediate steps contained in the exploit, all of which are necessary for the reader to make a judgment as to how to prevent such an attack from succeeding.


    ----
    rich
     
  4. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    The article is a little confusing, as it comes across like this is something new. Of course it is not, although, apparently, in Latin America.
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Hiding the payload in an image is new.
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Some References from past discussions:

    malware embedded in .jpg, .doc
    August 26th, 2009, 03:55 AM
    https://www.wilderssecurity.com/showpost.php?p=1531023&postcount=16

    https://www.wilderssecurity.com/showpost.php?p=1531049&postcount=24
    https://www.wilderssecurity.com/showpost.php?p=1531052&postcount=27
    ----------------------------------

    Malware in a bottle
    4 May, 2010
    http://wirewatcher.wordpress.com/2010/05/04/malware-in-a-bottle/

    ----
    rich
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Hm. I'd never seen a file actually compressed as an image format.
     
  8. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    I have. It's very interesting. I've seen where you can actually hide things in a forum avatar to pass secret messages.
     