The revenge of the script kiddies, or the master minds releasing DIY tools to let 'em generate enough noise as I've pointed out in my future trends of malware paper? Further expanding the Malicious Wild West series, here are two more recently released DIY malware droppers. The detection rate for the generated dropper of the first one is disturbing given it's not even crypted :
AVG - 06.12.2007 - Downloader.VB.KK
NOD32v2 - 06.12.2007 - probably unknown NewHeur_PE virus
Panda - 06.12.2007 - Suspicious file
No AV detects the packer itself!
File size: 311296 bytes
MD5: 1944378cba81bcd894d43d71dc5fccb5
SHA1: 920505f2124e8a477ab26a28f81a779d717882be
The second one has a much higher detection rate of both the packer and the dropper :
File size: 19001 bytes
MD5: abad61857c4b79773326496dec11929b
SHA1: 5c74c3572febf7f468b41d9bdc5cbc19eb2348b5
PandaLabs has recently conducted a study on the increasing use of packers and cryptors by malware authors worth mentioning :
"There are many different packers. According to the PandaLabs study, UPX is the most common and is used in 15 percent of the malware detected. PECompact and PE, are used in 10 percent of cases. However, according to PandaLabs, there are more than 500 types of packers that could be used by cyber-crooks. “In essence it is a stealth technique. The increasing use of these programs highlights how keen Internet criminals are for their creations to go undetected,” explains Luis Corrons, technical director of PandaLabs."
You may also be interested in finding out how popular anti virus vendors perform agains known, but crypted malware.
Related posts:
A Malware Cryptor
A Malware Cryptor 2
A Malware Loader
Independent Contractor. Bitcoin: 15Zvie1j8CjSR52doVSZSjctCDSx3pDjKZ Email: dancho.danchev@hush.com OMEMO: ddanchev@conversations.im | OTR: danchodanchev@xmpp.jp | TOX ID: 2E6FCA35A18AA76B2CCE33B55404A796F077CADA56F38922A1988AA381AE617A15D3D3E3E6F1
Tuesday, June 12, 2007
DIY Malware Droppers in the Wild
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment