
Destover Wiping Malware’s Toolset Discovered

Two newly discovered tools used alongside Destover, a wiping malware, help the data-destroying program evade detection as it spreads from one endpoint to another across a computer network, says Damballa.

Damballa names the two files it discovered afset and setMFT. Both supplement Destover by adding significant utilities to the program. Afset erases Windows logs and, for an executable, changes the checksum and the build time. Attackers value the utility because it lets them leave no traces as they move through corporate networks, infecting one machine after another with Destover. Meanwhile, setMFT copies the timestamp settings of a source file onto a destination file, a process known as 'timestomping.' This lets the malware pass for a safe program.
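A defender's view of the timestamp copying described above, as an added example that is not code from Damballa or from the original article. It assumes the copy changes only the NTFS $STANDARD_INFORMATION times and leaves the $FILE_NAME creation time alone (the article does not say how setMFT writes timestamps); the records, paths and function name are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

T = datetime.fromisoformat

# Constructed sample (not from the Damballa report): NTFS timestamps per file as
# a forensic MFT parser might export them. si_* = $STANDARD_INFORMATION,
# fn_created = $FILE_NAME creation time. All paths and times are made up.
RECORDS = [
    {"path": r"C:\Windows\System32\example_legit.dll",
     "si_created": T("2013-08-22T11:03:14.482913"),
     "si_modified": T("2013-08-22T12:40:02.107355"),
     "fn_created": T("2013-08-22T11:03:14.482913")},
    {"path": r"C:\Windows\System32\example_dropped.exe",
     "si_created": T("2013-08-22T11:03:14.482913"),   # same pair as the DLL
     "si_modified": T("2013-08-22T12:40:02.107355"),
     "fn_created": T("2015-11-02T03:17:45.901220")},
    {"path": r"C:\Users\Public\example_report.docx",
     "si_created": T("2015-10-30T09:12:01.334100"),
     "si_modified": T("2015-10-31T16:05:44.019872"),
     "fn_created": T("2015-10-30T09:12:01.334100")},
]

def find_timestomp_candidates(records):
    """Return {path: [reasons]} for files whose timestamps look copied."""
    findings = defaultdict(list)
    by_si = defaultdict(list)
    for r in records:
        by_si[(r["si_created"], r["si_modified"])].append(r)
        # Heuristic 1: $SI says the file is older than its own $FN entry.
        if r["si_created"] < r["fn_created"]:
            findings[r["path"]].append("$SI created predates $FN created")
    # Heuristic 2: exact sub-second match with another file's $SI pair.
    # Report only the member whose $FN disagrees: the likely copy destination.
    for group in by_si.values():
        for r in group:
            twins = [o["path"] for o in group if o is not r]
            if twins and r["si_created"] != r["fn_created"]:
                findings[r["path"]].append("$SI times identical to " + twins[0])
    return dict(findings)

if __name__ == "__main__":
    for path, reasons in find_timestomp_candidates(RECORDS).items():
        print(path, "->", "; ".join(reasons))
```

Hits are leads for an analyst rather than proof, since legitimate operations such as moving a file between volumes can also leave the two attributes out of step.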

Researchers at Damballa elaborate that a complete forensic investigation of an infected computer would reveal afset's activity as well as the missing logs; however, that activity would possibly evade detection at first, allowing the infection to persist for a long time, reported theregister.co.uk on November 23, 2015.

Outlining the importance of the toolset, Willis McDonald, Senior Threat Researcher at Damballa, states that for Destover to have the widest impact, the attacker must infect the maximum number of computers on the network while remaining undetected, which the toolset makes possible. Scmagazineuk.com reported this on November 24, 2015.

Worryingly, the toolset blends effectively into legitimate system files. A cursory inspection by security or IT personnel may not raise any warning signs, because at first glance the two utilities appear harmless. This implies that attackers may appear inactive and go undetected while they deactivate network defenses, gather user credentials and continue spreading their infection across the infrastructure over extended periods of time. And once the attacker kicks off the infection drive, the time the victim corporation takes to notice is long enough for the malware to have already done its part.

Damballa summarizes that cyber-criminals perpetrating massive, long-term assaults launch their threats in an extremely organized, resolute and persistent manner, so malware tools such as Destover, setMFT and afset belong to an armory that cyber-criminals use in a distinctive cyber-attack.

» SPAMfighter News - 12/3/2015
