Trojan Downloader Attacks with Encrypted Executables

Malware investigators at antivirus firm Sophos are warning that Trojan downloaders are being used to launch a new attack in the form of wholly encrypted executables. The Trojan that Sophos has identified in the attack is Troj/Dloadr-CEX.

According to Sophos, it aims to plant a malicious payload fetched from online sources while dodging network-level scanners. The Trojan accomplishes this by downloading a wholly encrypted file and decrypting it only after it has landed on the attacked system.

Mike W., malware researcher at Sophos (Canada), said that when he retrieved the file manually, it looked like junk. According to him, the file taken from the Internet does not match any known file format. It would not even run as an executable, said Mike W., as reported by Softpedia on February 17, 2009.

But when he allowed the Trojan to handle the downloaded content in its own way, it transformed the original junk file into a properly formed Windows PE (Portable Executable) file that would readily do further harm to the target machine, explained the researcher.

Sophos states that encrypted programs are nothing new; what is new is the malware doing its own encryption, since until now these malicious files have entered the system in the form of executables. Mike W. further said that transferring malicious software in the confusing form of an unknown file format could be the malware creators' response to the idea of 'in-the-cloud' malware protection.

Elaborating further, security specialists at Sophos said that the technique tends to fail when it comes up against well-designed security applications at the network level. Although it could possibly elude ordinary gateway scanners, the technique might not be able to do much against 'in-the-cloud' antivirus products that monitor the actual events on the system instead of the file types.

Commenting on the new attack technique, the security specialists said that the malware writers had indeed proven to be innovative, while security developers need to find even newer technologies particularly for network-level defenses.
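A gateway does not have to recognise the file type to notice this kind of download: content that matches no known signature and is statistically close to random is exactly the "junk" the researcher describes. The following is an added example, not code from Sophos or from the original article; the signature table, the 7.2 threshold, the function names and the sample data are all assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Small constructed subset of leading file signatures; a real gateway uses far more.
KNOWN_MAGIC = {
    b"MZ": "Windows PE/DOS executable",
    b"PK\x03\x04": "ZIP archive",
    b"%PDF": "PDF document",
    b"\x89PNG": "PNG image",
    b"\x1f\x8b": "gzip stream",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def identify(data: bytes):
    """Return the format name if the content starts with a known signature."""
    for magic, name in KNOWN_MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def classify_download(data: bytes, threshold: float = 7.2) -> str:
    """Triage a downloaded body; threshold is an assumed tuning value."""
    kind = identify(data)
    if kind is not None:
        return "known format: " + kind  # hand over to the normal type-specific scanner
    if shannon_entropy(data) >= threshold:
        return "suspicious: unrecognised format, high entropy"
    return "unrecognised format, low entropy"

# Constructed samples (no real malware): a PE-like stub, pseudo-random bytes standing
# in for an encrypted payload, and plain text.
SAMPLE_PE = b"MZ\x90\x00" + b"\x00" * 60 + b"This program cannot be run in DOS mode."
SAMPLE_BLOB = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
SAMPLE_TEXT = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 40

if __name__ == "__main__":
    for name, body in [("pe", SAMPLE_PE), ("blob", SAMPLE_BLOB), ("text", SAMPLE_TEXT)]:
        print(name, round(shannon_entropy(body), 2), classify_download(body))
```

Legitimately compressed or encrypted content whose signature is missing from the table scores just as high, so the result is a triage signal to combine with on-host behaviour monitoring rather than a verdict.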


» SPAMfighter News - 04-03-2009
