Recently, we discovered a threat that abuses the Encrypting File System (EFS), which Symantec detects as Backdoor.Tranwos. Not only is it trivial for program code to use EFS, it’s also very effective at preventing forensic analysis from accessing the contents of the file.The threat creates the folder %Temp%\s[RANDOM ASCII CHARACTERS] and then calls the EncryptFileW […]
Latest Comments