Thursday, July 26, 2007

More Malware Crypters for Sale

There's an ongoing trend among malware authors to either code malware crypters and packers from scratch and sell them at a later stage, or, even more interesting, to obtain the source code of publicly available crypters, modify it, add extra features and new encryption routines, and offer the result for sale. The rise of DIY malware crypters enables literally everyone to fully obfuscate an already detected piece of malware, so that where no extra security measures beyond virus signature scanning are in place, an infection takes place.

The first crypter has the following options:

- Memory execution/injection within its own process, execution in the default browser's memory, or no in-memory execution at all, with the payload simply dropped to disk
- Custom encryption with a minimum and maximum number of encryption layers, RC4, and the NTDLL Compression API

The second crypter, a previous version of the first one, has the following options:

- custom resource names
- scramble
- custom encryption layer

Moreover, given the ongoing competition among coders and modifiers of malware crypters, extras such as dozens of already packed bots are often thrown in as a bargain to sweeten a larger and much more flexible purchase. The third crypter is a perfect example of a source code modification, since it lacks any significant or unique features.
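The reason a crypter defeats signature-only scanning is that the bytes a signature was written against no longer exist in the packed file; what remains is a small stub and a body of near-random bytes. The following added example (written for this page, not code from the post or from any of the crypters it describes) shows that gap from the defender's side: a byte-signature check that matches the plain sample but not the packed one, next to a windowed Shannon-entropy heuristic that flags the packed one. The sample "payload", the signature string, the 512-byte window and the 7.0-bit threshold are all constructed assumptions; the encrypted body is stood in for by deterministic SHA-256-chained bytes, since for this check only the statistical shape of the data matters, not the cipher that produced it.

```python
import hashlib
import math
from typing import Dict, List, Tuple

# Constructed stand-in for a plain (unpacked) executable: a small header, some
# readable text, a fake signature string and a long run of padding. It is not a
# real PE and contains no executable code.
SIGNATURE = b"SAMPLE-SIGNATURE-BYTES"  # constructed stand-in for an AV byte pattern
PLAIN_SAMPLE = (
    b"MZ" + b"\x00" * 64
    + b"This program cannot be run in DOS mode."
    + b"\x00" * 200
    + SIGNATURE
    + b"\x00" * 2000
)


def pseudo_random_bytes(n: int, seed: bytes = b"constructed-seed") -> bytes:
    """Deterministic high-entropy bytes (chained SHA-256), standing in for the
    encrypted body a crypter would emit after its stub. Deterministic so the
    demonstration is repeatable; not a cipher and not suitable as one."""
    out = bytearray()
    block = seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


# Constructed stand-in for the packed file: the 66-byte header/stub region is
# kept, everything after it is replaced by the high-entropy body.
STUB_LEN = 66
PACKED_SAMPLE = PLAIN_SAMPLE[:STUB_LEN] + pseudo_random_bytes(len(PLAIN_SAMPLE) - STUB_LEN)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 0.0 for a constant buffer, 8.0 for perfectly uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def signature_hit(data: bytes, sig: bytes = SIGNATURE) -> bool:
    """The signature-only check the post describes as insufficient on its own."""
    return sig in data


def high_entropy_windows(data: bytes, window: int = 512,
                         threshold: float = 7.0) -> List[Tuple[int, float]]:
    """Offsets (and entropies) of fixed-size windows above the threshold.
    Windows shorter than half the window size are skipped to avoid noisy tails."""
    hits = []
    for off in range(0, len(data), window):
        chunk = data[off:off + window]
        if len(chunk) < window // 2:
            continue
        e = shannon_entropy(chunk)
        if e >= threshold:
            hits.append((off, round(e, 2)))
    return hits


def triage(data: bytes) -> Dict[str, object]:
    """Run both checks so the two results can be compared side by side."""
    windows = high_entropy_windows(data)
    return {
        "signature": signature_hit(data),
        "entropy_flag": bool(windows),
        "high_entropy_windows": windows,
        "overall_entropy": round(shannon_entropy(data), 2),
    }


if __name__ == "__main__":
    for name, sample in (("plain", PLAIN_SAMPLE), ("packed", PACKED_SAMPLE)):
        print(name, triage(sample))
```

On the plain sample the signature matches and no window comes near 7 bits; on the packed sample the signature is gone while the body windows sit well above the threshold. Entropy alone is a heuristic (legitimately compressed or signed resources also score high), which is why it complements rather than replaces signatures, and why the post's closing point about situational awareness still stands.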

The most dangerous threat, however, remains your lack of decent situational awareness.
