The Latest in IT Security

Posts Tagged ‘stack’

In the McAfee Labs blog we have covered many techniques that malware uses to evade code-based detection. In my previous blog I discussed procedure prologue and procedure epilogue techniques to evade security systems. We recently came across one more set of fake-alert samples that use a different technique to evade detection. This technique is related […]


Recently we experimented with our generic unpacking heuristics. Our goal was to unpack a potentially malicious binary and dump the executable from memory to a file. During our experiments we saw a few unknown packers from which we successfully unpacked the binary; with these, however, we dumped the memory but we missed some code in […]


A low-level file system driver named “rxsupply” was bundled with the latest version of Backdoor.Proxybox. The malicious driver was designed to deny access to the files used by the malware in order to improve persistence on compromised computers. The driver functionality and methods used for hooking kernel file system access are described below. Figure 1. […]



TUESDAY, APRIL 23, 2024