It’s a truism that even the bleakest circumstances look a bit brighter after a good nap. Well, that wisdom isn’t lost on malware authors either. A newly discovered Trojan Horse program, dubbed Trojan Nap, is programmed to use extended sleep cycles to fool behavior based anti-malware tools, according to a report from the firm FireEye. In a blog post Tuesday, researchers Abhishek Singh and Ali Islam said the new malware has a function, dubbed SleepEx() that can be used to configure long “naps” that the malware takes after it is installed on a compromised system. The default value, 600,000 milliseconds – or 10 minutes – seems designed to fool automated analysis systems that are programmed to capture a sample of behavior for a set time frame. “By executing a sleep call with a long timeout, Nap can prevent an automated analysis system from capturing its malicious behavior,” FireEye said. Like other […]
Tag: malware
You’ve Been Hacked By APT! (The Video)
The whole APT – or “Advanced Persistent Threat” – meme has received a lot of attention in the media. This site and others have written about APT-style hacks, such as the recent compromise at The New York Times. But what does an APT hack look like? And what would it mean if you or your employer were in the crosshairs of an APT-type actor? The SANS Institute’s Securing The Human project has put together a nice training video that helps answer some of these questions, and to explain how APT-style attacks work. This is good stuff – explaining the difference between cyber crime and APT, and generic enough that any organization could use it as a training video. SANS says that it will produce one of these a month, and post them on the first of each month. My only criticism here is that, after they do a solid job describing […]
Weekend Security Reads – Our Picks
This was another eventful news week in the security world – stories about hacks on two, prominent newspapers, and a widespread hole in UPnP, a technology that all of us use, but never pay much attention to. (Always a dangerous combination.) Let’s face it, Friday is a time for decamping from the office, not taking on some weighty new mental project or thought provoking issue. But, come Sunday morning over coffee, you might just be ready to switch your higher cognitive functions on again. If so, here are some Security Ledger picks for good weekend reads: Hacking the Old Gray Lady – Slate.com The top security story this week was the string of revelations about sophisticated, targeted attacks against leading U.S. newspapers, including The New York Times and The Wall Street Journal. The Washington Post may also have been infiltrated, according to a report on Krebsonsecurity.com. The attacks by so-called […]
New York Times Hack Puts Antivirus on Defensive
The big news this morning is the New York Times’ scoop on…well…itself. According to a report in today’s paper, the Times’s computer network was compromised for more than four months by attackers believed to be located in China. The attacks followed a Times exposé on the wealth accumulated by family members of China’s prime minister, Wen Jiabao – one of a series of reports in Western media outlets that raised questions about corruption and influence peddling in China’s ruling Communist Party. Attackers planted 45 pieces of information-stealing malware on Times systems, despite the presence of antivirus software from Symantec Corp. protecting those systems before, during and after the hack. The story is fueling debate about the value of anti-virus software and prompted Symantec to issue a statement defending its technology, but warning that signature-based antivirus is not enough to stop sophisticated attacks. According to the Times report, the attacks used compromised systems on […]
Are Cyber Criminals Using Plus-Sized Malware To Fool AV?
Obesity is an epidemic in the United States. And it looks as if it may soon be a problem in malware circles, as well. After years watching malware authors pack their poison into smaller and smaller packages, one forum frequented by those seeking help with virus infections says that they’re seeing just the opposite: simple malware wrapped within obscenely large executables – in one case, over 200 megabytes. A post on the French-language web site Malekal.com on Thursday described what may be a nascent trend towards ‘plus size’ malware executables. In at least two cases in recent days, the forum has seen evidence of Trojan Dropper programs that deposit very large files – between 16 megabytes and 200 megabytes – on infected systems. In one case, the author discovered an exploit kit that deposited a very large file – around 16 megabytes- on infected systems. In a separate incident, he […]
