Researchers Intercepted a New Backdoor Called ‘Matsnu’

Blog.checkpoint.com reported on 2nd July, 2015 that Stanislav Skuratovich, a researcher at security firm Check Point, recently discovered a new malware known as "Matsnu", an infector that acts as a backdoor once it infiltrates a computer system.

Matsnu can upload and execute any type of file on an infected system, which allows the attacker to run arbitrary files, encrypt files on disk or steal sensitive data.

The malware's authors use a Domain Generation Algorithm (DGA) to communicate with the C&C server. This protects the malware image against attempts to dump its strings, blacklist the dumped domains or shut those domains down, and it makes blocking the malware's network activity more difficult because new domains are generated for each time period. Matsnu also has many anti-disassembly features and packing techniques that make analysis more challenging.

The malware generates domains from two predefined dictionaries, a few constants and variables, and the number of days since the epoch. Domains are created for the present day and the two previous days, and are encrypted for use at a later stage.
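As an added illustration (not the article's or Check Point's code, and not Matsnu's real algorithm), the following Python sketch shows how a defender who has recovered a dictionary-based DGA of this kind would precompute the three-day window of candidate domains and match DNS query logs against it. The word lists, mixing arithmetic, log format and addresses are all constructed assumptions.

```python
import re
from datetime import date, timedelta
# Placeholder word lists: Matsnu's real dictionaries and constants are not on the page.
VERBS = ["send", "read", "update", "check", "load", "fix"]
NOUNS = ["mail", "server", "report", "data", "file"]
TLD = ".com"
TODAY = date(2015, 7, 2)  # date of the Check Point write-up, used as "today"

def days_since_epoch(d: date) -> int:
    """Day counter the DGA is keyed on: days since 1970-01-01."""
    return (d - date(1970, 1, 1)).days

def daily_domains(d: date, count: int = 3) -> list:
    """Hypothetical dictionary DGA; the linear mixing is kept simple so it is checkable by hand."""
    n = days_since_epoch(d)
    out = []
    for i in range(count):
        x = n * 31 + i * 17
        out.append(VERBS[x % len(VERBS)] + NOUNS[(x // len(VERBS)) % len(NOUNS)] + TLD)
    return out

def candidate_set(today: date, lookback_days: int = 2) -> set:
    """Domains for today plus the two previous days: the window the article describes."""
    cands = set()
    for back in range(lookback_days + 1):
        cands.update(daily_domains(today - timedelta(days=back)))
    return cands

# Constructed dnsmasq-style query log (not real traffic); checkfile.com is yesterday's domain.
SAMPLE_DNS_LOG = """\
Jul  2 10:14:03 dnsmasq[1234]: query[A] www.example.com from 10.0.0.12
Jul  2 10:14:09 dnsmasq[1234]: query[A] loadfile.com from 10.0.0.12
Jul  2 10:14:10 dnsmasq[1234]: query[A] checkfile.com from 10.0.0.12
Jul  2 10:15:41 dnsmasq[1234]: query[A] updates.example.org from 10.0.0.7
"""
QUERY_RE = re.compile(r"query\[A\]\s+(\S+)\s+from\s+(\S+)")

def flag_dga_queries(log_lines, today: date) -> list:
    """Return (client, domain) pairs whose queried name falls in the precomputed DGA window."""
    cands = candidate_set(today)
    hits = []
    for line in log_lines:
        m = QUERY_RE.search(line)
        if m and m.group(1).lower().rstrip(".") in cands:
            hits.append((m.group(2), m.group(1)))
    return hits

if __name__ == "__main__":
    for client, domain in flag_dga_queries(SAMPLE_DNS_LOG.splitlines(), TODAY):
        print(f"{client} queried DGA candidate {domain}")
```

The lookback window matters: the query for yesterday's domain is only caught because the candidate set covers the two previous days as well as today.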

Once installed, Matsnu can collect information about the computer, ranging from the user and computer names to the edition of the operating system, platform architecture, and CPU and graphics card data.

It also checks certain registry keys to determine whether it is running in a virtual environment, which can indicate an attempt at malware analysis.

All packets holding information collected from the infected machine are encrypted with the RSA asymmetric cryptographic algorithm. This is regarded as the strongest kind of encryption at the moment and relies on two different keys: a 'public' key for encrypting the data and a private key for decrypting it.

After securing the data in this manner, Matsnu encodes it with Base64 and sends it to the C&C server over plain HTTP. This method prevents anyone intercepting the traffic from learning the packets' contents.

Conversely, packets received from the server are encrypted with AES (Advanced Encryption Standard) in a manually implemented routine.

Interestingly, Kaspersky identifies Matsnu as the Androm backdoor, while other antivirus vendors recognise it under names such as Boxed.DQH (AVG).

» SPAMfighter News - 7/17/2015
