The Latest in IT Security

Old Malware Tricks To Bypass Detection in the Age of Big Data

13 Apr 2017

Kaspersky Lab has recently been tracking the activities of a targeted-attack actor in Japan and South Korea. This attacker has been using the XXMM malware toolkit, which was named after the original project path revealed by a pdb string inside the file: “C:\Users\123\documents\visual studio 2010\Projects\xxmm2\Release\test2.pdb”. We came across an unusual technique in a sample that contained no pdb strings but was very similar to a variant of XXMM malware in terms of code similarity, malware functionality, crypto-algorithm, data structures and module configuration.

The malware sample we observed was named “srvhost.exe” to resemble a standard system process name.
