Opachki: State of the art malware continues to evolve

Discussion in 'malware problems & news' started by Rmus, Nov 3, 2009.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    When the Conficker worm emerged on the scene, an entirely new type of sophistication in malware coding revealed a professional, knowledgeable understanding of the inner workings of the Windows operating system. With Opachki, this sophistication continues in other areas, such as web page coding:

    Opachki, from (and to) Russia with love
    http://isc.sans.org/diary.html?storyid=7519

    Opachki Link Hijacker Trojan Analysis
    http://www.secureworks.com/research/threats/opachki/
    Most people who frequent security forums might conclude that they are immune from the browser exploit, or even vulnerabilities in other software. But malware authors have no concern about this small minority of computer users worldwide, as indicated by statistics in many research articles showing millions of people infected via the most common of attack vectors, and, of course, the various social engineering tricks.

    So, as the various holiday seasons approach, why not share some of your knowledge with family/friends, to see if they are aware of how they might be vulnerable to the many different types of exploits making the rounds!

    regards,

    -rich
     
  2. BrendanK.

    BrendanK. Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    520
    Location:
    Australia
    Very nice stuff Rmus! It's such a shame people get infected by these easily prevented exploits :(
     
  3. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Thanks for the heads up Rich. This one sounds nasty as it also disables safe mode.

    From the isc.sans.org link:
    Bolded words are very wise words indeed (bolding by me). Even better advice would be don't get infected in the first place.
     