Cryptor Websites making malware undetected

Discussion in 'malware problems & news' started by BrendanK., Mar 18, 2009.

Thread Status:
Not open for further replies.
  1. BrendanK.

    BrendanK. Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    520
    Location:
    Australia
    Now this is from my own research so please do look into it further for yourselves.

    Devious coders have now come up with a way to make their malware undetected from vendors with 2 clicks of a button. The coders are making websites (extremely hard to find) which are able to Crypt(transform the malware using an algorith) so that AV/AS are unable to detect the malware.

    I, myself, have found a few of these websites and tested them out, and they do work.

    The encryption algorithm used is changed every few days(sometimes even hours), so keeping up to date with the algorithm, like a normal packer or cryptor, is extremely hard for Antimalware companies.

    Now for how the websites work;

    1. Coders use a main "server" or their computer to host the website.
    2. A certain Cryptor is used on the server, with it's algorithm changed every few days, which allows a file to be uploaded through the website to the server and downloaded again with the new algorithm.
    3. The malicious file (detected) is uploaded to the server
    4. The malicious file (now encrypted and packed) is downloaded to the client.

    Some malware is still detected despite the cryptor, however the detection now becomes a generic or heuristic detection. For unknown malware which has just been made a detection, the file is then usually undetected.
     
  2. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    What you're referring to:

    Do you know how the malware is distributed to business and home computers (for the purpose of infection) ?

    Drive by downloads, infecting common websites, ActiveX, video codecs, distributing infected software ?
     
  3. BrendanK.

    BrendanK. Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    520
    Location:
    Australia
    The means of infecting homes and businesses are the same, however, I think it is meant for drive by download and the distribution of infected software.
     
Loading...
Thread Status:
Not open for further replies.