Malware that Monitors Mouse Clicks to Escape Detection Uncovered by FireEye
Researchers at security vendor FireEye have disclosed a new Advanced Persistent Threat (APT) that uses several detection evasion methods, including monitoring of mouse clicks to determine whether a human is actively interacting with the compromised computer.
Called Trojan.APT.BaneChant, the malware is delivered through a Word document rigged with an exploit and sent in targeted email attacks. The document is named "Islamic Jihad.doc".
FireEye researcher Chong Rong Hwa said, "we doubt that this weaponized document was utilized to target the Central Asia and Middle East governments," as published by infoworld.com on April 2, 2013.
FireEye notes that this malware is significant for several reasons. Firstly, it detects multiple mouse clicks. Previously, evasion methods based on mouse clicks only checked for a single click, which made the malware fairly easy to trigger in an analysis environment; BaneChant instead waits for three mouse clicks before proceeding.
Secondly, the callback made by BaneChant goes to a legitimate URL. Often when malware performs such a callback, the communication goes directly to the CnC (Command & Control) server. In this case, the callback goes to a legitimate URL shortening service, which then redirects the communication to the CnC server.
Thirdly and lastly, BaneChant has anti-forensic capability. The malware does not carry its payload with it. Rather, it requires an Internet connection so that the malicious code can be downloaded into memory and run. Unlike predecessors that are self-contained and execute immediately, this malware is merely a husk, and its true malicious intent can only be found in the downloaded code. This prevents forensic investigators from extracting the "true" malicious code from the disk.
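The shortener-as-indirection pattern above can be spotted in proxy logs. As an added example (not from the article or from FireEye), the following detection runs over a few constructed log lines and flags a redirect from a known URL shortener to a host outside an allowlist that the same client then fetched; the shortener list, the allowlist and the log line format are all assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample proxy log lines (not from the article):
# client  method  url  status  redirect-location ("-" when none)
SAMPLE_LOG = """\
10.0.0.5 GET http://bit.ly/abc123 301 http://example-cnc-host.test/update.bin
10.0.0.5 GET http://example-cnc-host.test/update.bin 200 -
10.0.0.7 GET http://bit.ly/xyz789 301 http://www.example.com/news
10.0.0.7 GET http://www.example.com/news 200 -
10.0.0.9 GET http://corp-intranet.test/page 200 -
"""

# Assumption: the organisation's list of known URL-shortening services
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co"}
# Assumption: destination hosts already known and allowed in the environment
ALLOWED_HOSTS = {"www.example.com", "corp-intranet.test"}
REDIRECT_STATUSES = {301, 302, 307, 308}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\S+)$")


def parse_line(line):
    """Parse one assumed-format proxy log line into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    client, method, url, status, location = m.groups()
    return {"client": client, "method": method, "url": url,
            "status": int(status), "location": None if location == "-" else location}


def find_shortener_hops(log_text):
    """Return (client, shortener_url, final_host) for each shortener redirect that
    lands on a host not on the allowlist and that the same client then fetched."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    findings = []
    for i, e in enumerate(events):
        if urlparse(e["url"]).hostname not in SHORTENERS:
            continue
        if e["status"] not in REDIRECT_STATUSES or not e["location"]:
            continue
        dest = urlparse(e["location"]).hostname
        if dest in ALLOWED_HOSTS:
            continue
        # Only report when the client actually followed the redirect to the new host
        followed = any(f["client"] == e["client"] and urlparse(f["url"]).hostname == dest
                       for f in events[i + 1:])
        if followed:
            findings.append((e["client"], e["url"], dest))
    return findings
```

In practice the allowlist would be replaced by the proxy's category or reputation data, and the finding would be enriched with the process that issued the request.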
In conclusion, BaneChant shows that malware authors are getting sneakier. "By creating the malware this way, it makes it difficult to perform incident response and facilitates ease of update of malicious code," Chong said, as published by infosecurity-magazine.com on April 2, 2013.
"BaneChant is another example of a targeted attack that exploits the biggest enterprise weakness - vulnerable endpoint applications. The attack exploits vulnerabilities to introduce malware, which then enable the attack progression," said Dana Tamir, Director of Product Marketing at Trusteer, as published by threatpost.com on April 2, 2013.
» SPAMfighter News - 09-04-2013