New attack binds malware in parallel to software downloads

Discussion in 'malware problems & news' started by Minimalist, Aug 19, 2014.

Thread Status:
Not open for further replies.
  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,066
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I didn't understand the article, can someone explain? ;)
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,066
    In short: you try to download installer for an app. Attacker controlling one of the nodes inject some code into HTTP download so you get slightly modified installer. When you run "infected" installer malware installs first (without you knowing it) and then legit app (for which you downloaded installer) gets installed also. You never know that there was malware embeded in installer and that malware was installed before legit installation took place.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    OK interesting, so perhaps an idea to never put your HIPS in "trust mode", and keep monitoring ALL apps for suspicious behavior. :D
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,066
    Yes. You can also use https for all downloads (if possible) and compare binary checksum with one provided by vendor or developer.
     
Loading...
Thread Status:
Not open for further replies.