I recently obtained a PoisonIvy sample which uses a legitimate application in an effort to stay under the radar.In this case, the PoisonIvy variant detected as BKDR_POISON.BTA (named as newdev.dll) took advantage of a technique known as a DLL preloading attack (aka binary planting) instead of exploiting previously known techniques. The malware was located in […]
Noted for its stealth routine, PlugX and its developers now appear to be using several legitimate applications, in particular those used by Microsoft, Lenovo, and McAfee, in an effort to remain under the radar.PLUGX variants are known for its use of normal applications to load its malicious .DLL components. This .DLL hijacking technique is not […]
Tidserv (a.k.a. TDL) is a complex threat that employs rootkit functionality in an attempt to evade detection. The malware continues to be on the Symantec radar since its discovery back in 2008. The latest variant of Tidserv being distributed in the wild has began to employ the legitimate Chromium Embedded Framework (CEF). While this may […]
Latest Comments