Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
  • Go

Malware that Monitors Mouse Clicks to Escape Detection Uncovered by FireEye

Security vendor FireEye Researchers have disclosed a new Advanced Persistent Threat (APT) that uses many detection evasion methods, having the monitoring of mouse clicks, to determine active human interaction with the compromised computer.

Called Trojan.APT.BaneChant, the malware is affected through a Word document rigged with an exploit sent during targeted email attacks. The name of the document converted into "Islamic Jihad.doc".

FireEye researcher Chong Rong Hwa said, "we doubt that this weaponized document was utilized to target the Central Asia and Middle East governments," as published by infoworld.com on April 2, 2013.

FireEye displays that this malware is important for many reasons. Firstly, it identifies many mouse click. In the history, evasion methods via mouse click only detected a single click, making the malware fairly easy to overcome, but BaneChant waits for three mouse click till they proceed forward.

And the second thing, the callback made by BaneChant goes to the genuine URL .Often when malware do such callback, the communication goes directly to CnC (Command & control) server. In this case, the callback, the callback goes to a genuine URL shortening service, which then takes you to the communication to the CnC server.

Thirdly and lasty, it (BaneChant) has anti-forensic capability. This malware doesn't take pace suddenly. Rather it requires an Internet connection for malicious code to be downloaded to the memory and run. Unlike predecessors that are very evident and immediately execute, this malware is simply a husk and its true malicious intent could only be found in the downloaded code. These stop forensic investigators from extracting the "true" malicious code from the disk.

Conclusively, BaneChant displays that malware authors are getting sneakier. "By creating the malware this way, it makes it difficult to perform incidence response and facilitates ease of update of malicious code," Chong said, as published by infosecurity-magazine.com on April 2, 2013.

"BaneChant is another example of a targeted attack that exploits the biggest enterprise weakness - vulnerable endpoint applications. The attack exploits vulnerabilities to introduce malware, which then enable the attack progression," said Dana Tamir, Director of Product Marketing, at Trustier. Threatpost.com published this dated April 2, 2013.

Related article: Malware has lesser proximity to your inbox now!

ยป SPAMfighter News - 09-04-2013

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next