Wednesday, July 18, 2007

A Multi Feature Malware Crypter

Compared to the malware crypters I covered in previous posts -- part of the Malicious Wild West series -- this one goes well beyond the usual file obfuscation. Although it is offered for sale and not yet seen in the wild, it includes anti-sandboxing and anti-virtual machine capabilities, as malware authors have started to feel the pressure that both techniques put on them when it comes to detecting their releases.

Features include:
- Add File to load on Memory
- Add File to load on Browser
- Add File to drop on Temp
- Add File to drop on System
- Add File to drop on Windows
- Process injection
- Different crypting routines on a per buyer basis
- Mega icons pack with the purchase

So, to sum up: the end user isn't bothering to update her anti-virus signatures, and even if she did, and regardless of a vendor's response time, the concept of zero-day malware and of restarting the lifecycle of a malware release by crypting it is undermining the signature-based scanning approach. Still living in the world of suspicious file attachments, the end user easily falls victim to malware embedded in web sites that takes advantage of months-old client-side vulnerabilities in her web browser, media player and everything in between. Botnet communication platforms are maturing, not with the aim of innovating but of diversifying the communication channels, and so are malware embedding and statistics kits. Given the number of infected PCs, OSINT through botnets is an entirely sound practice, and so is corporate espionage through botnets.

Moreover, what used to be a situation where malware authors were doing their best to keep their releases as invisible as possible has become one where malware directly exploits vulnerabilities in anti-virus software to evade detection or to get rid of the anti-virus software itself. In fact, malware authors have become so efficient that vendors are coming up with very interesting monthly stats on the greediest, smallest, largest and most malicious malware.

As always, the "best" is yet to come.
