Microsoft Investigators Uncover Fresh Malware of Treacherous Kind
Microsoft's security investigators have found a new kind of malware that appears to behave innocuously when downloaded, but dupes security software by merging with malicious software only after it has been installed on an end user's PC, computing.co.uk reported on January 26, 2012.
The new malware is notably sophisticated in that its malicious activity does not become evident when its code is analyzed directly, which is exactly what security researchers and the majority of security products do when they encounter suspicious software.
Elaborating on the new malware, the software giant's investigators state that it normally functions like a standard Trojan downloader: it pulls down and modifies a file at the server end, while the downloader itself merely downloads and runs malware that is inexpensive and therefore non-essential as far as anti-virus identification is concerned. Consequently, security researchers now see more than 8m Trojan downloaders for Windows, the majority of which either write the .exe file to disk or inject it into other processes.
In its initial stage the sample looks like a small program written in Visual Basic, and it accesses the website of a Tibetan restaurant. As expected of a Trojan downloader working through its routine, under quick static analysis it does not access any file or make any other dubious system call.
When the software is executed on a system with a mock Internet connection, however, it pulls down files from a different site, copies itself into the Windows system directory as 'misys.exe', and then begins intercepting keystrokes.
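The contrast between the static view and the behaviour seen with a mock Internet connection is what a sandbox triage rule should key on. The following check is an added illustration, not code from Microsoft's report or the article: it runs over constructed sandbox events and flags the three dynamic indicators named above (download from a second site, self-copy as misys.exe into the system directory, keyboard hook). The event names, hostnames and the System32 location are assumptions.

```python
import re
from typing import Dict, Iterable, List

# Assumption: the system directory is the Windows directory or its System32 subfolder.
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\(system32\\)?", re.IGNORECASE)


def triage(events: Iterable[Dict]) -> Dict:
    """Report which of the three dynamic indicators appear in a sandbox event stream.

    Event types are hypothetical sandbox log names, not from any real product:
    net_download (host, path), file_write (path), keyboard_hook.
    A static-only view of the sample produces none of the indicators.
    """
    found = {"second_host_download": False, "self_copy_misys": False, "keylogger_hook": False}
    first_host = None
    for ev in events:
        kind = ev.get("type")
        if kind == "net_download":
            host = ev.get("host", "").lower()
            if first_host is None:
                first_host = host          # the innocuous first contact
            elif host != first_host:
                found["second_host_download"] = True   # payload fetched elsewhere
        elif kind == "file_write":
            path = ev.get("path", "")
            name = path.rsplit("\\", 1)[-1].lower()
            if name == "misys.exe" and SYSTEM_DIR.match(path):
                found["self_copy_misys"] = True
        elif kind == "keyboard_hook":
            found["keylogger_hook"] = True
    hits: List[str] = [k for k, v in found.items() if v]
    verdict = "malicious" if len(hits) >= 2 else ("suspicious" if hits else "clean")
    return {"indicators": hits, "verdict": verdict}


# Constructed events for a detonation with a mock Internet connection.
DYNAMIC_RUN = [
    {"type": "net_download", "host": "restaurant.example", "path": "/index.html"},
    {"type": "net_download", "host": "payload-host.example", "path": "/stage2.bin"},
    {"type": "file_write", "path": r"C:\Windows\System32\misys.exe"},
    {"type": "keyboard_hook"},
]
# Constructed events for what static analysis alone reveals: one harmless fetch.
STATIC_VIEW = [
    {"type": "net_download", "host": "restaurant.example", "path": "/index.html"},
]

if __name__ == "__main__":
    print(triage(DYNAMIC_RUN))   # verdict: malicious, all three indicators
    print(triage(STATIC_VIEW))   # verdict: clean
```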
The deceptively downloaded binary blob belongs to the Win32/Poison family of malware, whose functionality is documented extensively in its entry in the MMPC encyclopedia.
Moreover, W32/Poison is created with an easy-to-operate Builder Tool, with which the Trojan can be customized to the malware authors' wishes regarding what they want to steal.
However, unlike common malware that alters system processes or registry entries, the W32/Poison Trojan changes its task dynamically by downloading and running x86 instructions directly within its own process, and it is this that then causes the damage.
Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails
» SPAMfighter News - 02-02-2012