Dell Released Fresh Details of ‘Lurk Downloader’

Scmagazineuk.com reported on 8th August 2014, stating that Brett Stone-Gross, a Security Researcher at Dell SecureWorks Counter Threat Unit (CTU), recently analyzed and released new details of a malware called 'Lurk Downloader'.

The malware depends on an algorithm drafted to lace images with links directed to command and control server in encrypted form. The images are clear and with the help of code analysis only, the supplementary elements with it could be detected.

Lurk contains two items, one is dropper DLL (Dynamic Link Library) and the other is payload DLL which can extract and execute the payload.

Softpedia.com published news on 9th August 2014, quoting Stone-Gross as saying that a closer inspection of malware shows that it has some apparently random noise which is the actual malware code extorted after calling some Windows graphics API (application program interface) functions.

It is clear from the analysis that having executed the payload DLL, the tainted computer machine is scanned automatically for the definite presence of anti-virus (AV) products which averts the installation of the malware on the on to the system.

Kafeine, a Security Researcher, first detected Lurk malware back in February 2014. Lurk's previous versions are distributed via an HTML iFrame on hijacked sites, which depend on a Flash-based exploit (CVE-2013-5330) to infect the systems of passing surfers.

The malware employs digital steganography to insert information into a picture, which helps it to evade identification within compromised situations increasing its prolonged existence and making living of security analysts difficult.

The Register published news on 8th August 2014, quoting an explanation of Stone-Gross as that the Lurk showcases the power and flexibility of this technique (referring to digital steganography) and how it can be employed to avoid network unearthing and manual inspection by malware researchers."

He added that due to Steganography it becomes extremely difficult to discover the existence of hidden data like configuration file, bot command or binary update principally in digital files. Due to this, the employment of steganography in malware may become more common in future."

The company's statement confirmed that around 350,000 machines were infected by this malware resulting a loss of quarter million dollars.

» SPAMfighter News - 8/19/2014