Dyre Trojan Bypasses Detection, Assessment by Sandboxing

Security firm Seculert says its researchers have come across a fresh version of the Dyre banking Trojan that uses a simple but cunning technique to avoid analysis by bypassing sandboxes, securityweek.com reported on May 1, 2015.

Describing the evasion, Seculert states that the malware includes a routine that checks how many processor cores are active on the infected PC; if it finds two or more, Dyre immediately halts its malicious activity on the grounds that an analysis environment may be present, given that modern PCs routinely have multi-core processors.

Earlier, in April, another security company, Sophos, had documented the same behaviour. It recommends configuring the VM so that its processor cores are divided into two.

Seculert CTO Aviv Raff said his company tested Dyre's evasion trick against virtual-machine (VM) sandboxes from eight security companies, half of them freely available products and half paid solutions, each configured with only a single CPU core. None of the products was able to detect and analyse the malware, Softpedia.com reported on May 4, 2015.

The cyber-crooks probably carried out research of their own to find out how effective the technique is at slipping past sandboxing solutions undetected. Seculert has since supplied the security companies with all the details, Raff said.

Seculert's research paper notes one more change in Dyre: a new user-agent.

It adds that changing user-agents has long been a known method of evading detection by signature-based products. In addition, small alterations were made so that Dyre behaves differently, which is also a technique for bypassing signature-based detection, the study says. Threatpost.com reported this on May 1, 2015.

Raff explains that Dyre's success in eluding sandboxes shows once again that sandboxing on its own is not a comprehensive security approach. To spot evasive malware, machine learning and outbound traffic analysis must be added so that the security solution is complete against a threat landscape that keeps getting worse, the CTO concluded.
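As an added illustration of the outbound traffic analysis Raff recommends, and of why the user-agent change described above defeats a fixed signature: this is example code written for this page, not a tool from Seculert or any vendor. Instead of matching a known-bad User-Agent string, the script learns which User-Agent strings each internal client normally sends through the proxy and flags requests carrying a User-Agent that client has never used before. The proxy log format, the log lines, the client addresses and the hostnames are all constructed for the example.

```python
"""Baseline-based User-Agent anomaly detection over proxy logs.

Added example for this article, not code from Seculert or any vendor.
All log lines, addresses and hostnames below are constructed.
"""
import re
from collections import defaultdict

# Constructed proxy log format: <timestamp> <client> "<user-agent>" <destination>
LOG_RE = re.compile(r'^(?P<ts>\S+) (?P<client>\S+) "(?P<ua>[^"]*)" (?P<dest>\S+)$')

# Constructed "known good" traffic used to learn what each client normally sends.
BASELINE_LOG = """\
2015-04-30T09:00:01Z 10.0.0.5 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Firefox/37.0" intranet.example.test
2015-04-30T09:00:09Z 10.0.0.5 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Firefox/37.0" www.example-bank.test
2015-04-30T09:01:15Z 10.0.0.6 "Mozilla/5.0 (Windows NT 6.3) Chrome/42.0" mail.example.test
"""

# Constructed traffic for the detection window: 10.0.0.5 suddenly sends a new User-Agent.
WINDOW_LOG = """\
2015-05-01T10:00:01Z 10.0.0.5 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Firefox/37.0" www.example-bank.test
2015-05-01T10:02:30Z 10.0.0.5 "Mozilla/5.0 (Windows NT 6.1) Chrome/42.0" www.example-bank.test
2015-05-01T10:02:31Z 10.0.0.5 "Mozilla/5.0 (Windows NT 6.1) Chrome/42.0" 198.51.100.23
2015-05-01T10:03:00Z 10.0.0.6 "Mozilla/5.0 (Windows NT 6.3) Chrome/42.0" mail.example.test
this line is malformed and is skipped by the parser
"""


def parse_proxy_log(text):
    """Yield (timestamp, client, user_agent, destination) for each well-formed line."""
    for line in text.splitlines():
        match = LOG_RE.match(line.strip())
        if match:
            yield match.group("ts"), match.group("client"), match.group("ua"), match.group("dest")


def build_baseline(text):
    """Map each client address to the set of User-Agent strings it normally sends."""
    baseline = defaultdict(set)
    for _, client, ua, _ in parse_proxy_log(text):
        baseline[client].add(ua)
    return dict(baseline)


def find_new_user_agents(text, baseline):
    """Return one alert per (client, User-Agent) pair that is absent from the baseline.

    Each new User-Agent is reported once per client, with the first request that
    carried it; the destination is kept so an analyst can pivot on it. A client
    with no baseline at all is flagged on first sight. The baseline is not mutated.
    """
    seen = {client: set(uas) for client, uas in baseline.items()}
    alerts = []
    for ts, client, ua, dest in parse_proxy_log(text):
        known = seen.setdefault(client, set())
        if ua not in known:
            alerts.append({"time": ts, "client": client, "user_agent": ua, "destination": dest})
            known.add(ua)
    return alerts


if __name__ == "__main__":
    for alert in find_new_user_agents(WINDOW_LOG, build_baseline(BASELINE_LOG)):
        print(f"{alert['time']} {alert['client']} new User-Agent {alert['user_agent']!r} -> {alert['destination']}")
```

Run against the constructed data, the script raises a single alert for 10.0.0.5 switching from its usual Firefox string to a Chrome string; the legitimate Firefox request and 10.0.0.6's normal traffic stay quiet. The point is that the detection does not need to know the malware's new user-agent in advance, only what each host normally looks like, which is the property a signature cannot offer once the string changes.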

» SPAMfighter News - 5/9/2015
