Stumps Archives | Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘stumps’

Encrypted malware stumps antivirus suites

Malware writers are taking their cat-and-mouse game with antivirus software makers up another level, using block ciphers that can even get the malware white-listed.

Kaspersky Labs said evidence of the block ciphers is starting to appear in banking Trojan programs in Brazil, making them hard for antivirus products to detect, let alone neutralize.

“When used to encrypt the contents of malware executables, block ciphers can cause malware detection and analysis systems not to work properly. Block-cipher encrypted malicious links, for example, can be downloaded and analyzed, but not detected as malicious. If that happens enough, the malicious links can even become whitelisted — exempt from further checks altogether,” it said in a blog post.

It said a Kaspersky Lab expert came across the group of files, which he identified as Trojan-Banker.Win32.Delf.vh, while analyzing some potentially malicious links from Brazil.

The files contained malware encrypted with what turned out to be a block cipher.

On the other hand, Kaspersky said administrators of the sites on which the malicious files are hosted will not be able to identify them. As such, the malware can remain untouched.

It added that the creators of the Delf banking Trojan update mirror sites with new versions of the malware every couple of days, altering the encryption algorithm to complicate detection even more.

A separate article on PC World said this may thwart most antivirus software that relies on searching for patterns of data identical or similar to its virus definitions.

“Even more unfortunate, the wildcard characters could be hidden in another type of seemingly useful file (e.g. .jpeg files) that actually displays an image, and therefore, might not trigger the virus scanner at all. Could it get even worse? Yes, but to my knowledge, most, if not all, virus scanners also are incapable of determining what will happen when the decryption script is run–that is, they don’t actually execute the code to find out what will happen,” it said. — TJD, GMA News

Article source: http://ph.news.yahoo.com/encrypted-malware-stumps-antivirus-suites-082406319.html
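Added example, not from the article or from Kaspersky: a minimal Python sketch of why the pattern matching described above stops firing once a file is encrypted, and how a byte-entropy check can still route such a file to further analysis instead of letting it pass as clean. The marker string, the key, the keystream stand-in for the block cipher and the 7.2 threshold are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter

# Constructed sample: a harmless marker stands in for a byte pattern
# that a virus definition would match. Nothing here is real malware.
SIGNATURE = b"EXAMPLE-SIGNATURE-0001"
PLAIN_SAMPLE = (b"MZ" + b"\x00" * 58 + b"This program cannot be run in DOS mode. "
                + SIGNATURE + b" padding text ") * 40


def signature_scan(data: bytes) -> bool:
    """Pattern matching as described above: look for a known byte string."""
    return SIGNATURE in data


def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Stand-in for the block cipher (assumption): XOR with a SHA-256
    counter keystream, 32 bytes at a time. Not a real cipher design."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for ciphertext."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def triage(data: bytes, threshold: float = 7.2) -> str:
    """Signature hit first; otherwise flag high-entropy content for
    sandbox or manual analysis instead of letting it pass as clean."""
    if signature_scan(data):
        return "malicious"
    if shannon_entropy(data) >= threshold:
        return "suspicious-high-entropy"
    return "no-detection"


ENCRYPTED_SAMPLE = toy_encrypt(PLAIN_SAMPLE, b"constructed-key")
```

High entropy is also normal for legitimate compressed formats such as JPEG or ZIP, so the result is a triage signal for deeper inspection rather than a verdict.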
