MiniDuke's highly customized backdoor is written in assembly language and is very small, only 20 KB. "The combination of experienced old school malware writers using newly discovered exploits and clever social engineering to compromise high profile targets is extremely dangerous," said the statement issued by the lab.
It said that the MiniDuke attackers are still active at this time and have created malware as recently as February 20. To compromise victims, the attackers used extremely effective social engineering techniques, sending malicious PDF documents to their targets.
Once the system is exploited, a very small downloader, only 20 KB in size, is dropped onto the victim's disk. This downloader is unique per system and contains a customized backdoor written in assembly language. When loaded at system boot, the downloader uses a set of mathematical calculations to determine the computer's unique fingerprint, and later uses this data to uniquely encrypt its communications. It is also programmed to avoid analysis: it checks for a hardcoded set of analysis tools and for certain environments such as VMware. If it finds any of these indicators, it runs idle in that environment instead of moving to the next stage and exposing more of its functionality by decrypting itself further. This indicates that the malware writers know exactly what antivirus and IT security professionals do in order to analyze and identify malware.
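The fingerprint-keyed encryption described above is what makes per-victim samples hard to analyze: a sample pulled from one machine will not decrypt its traffic on an analyst's box unless the analyst also recorded the host attributes the key was derived from. The following is an added illustration of that analysis problem, not MiniDuke's code or Kaspersky's; the attribute names, the hash-based key derivation and the toy XOR keystream are assumptions for demonstration only, not a real cipher.

```python
import hashlib
import hmac

def host_fingerprint(attrs: dict) -> bytes:
    """Hypothetical fingerprint: a hash over a fixed-order set of host attributes."""
    material = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs)).encode()
    return hashlib.sha256(material).digest()

def derive_key(fingerprint: bytes, label: bytes = b"c2-session") -> bytes:
    """Per-host session key; a different fingerprint yields an unrelated key."""
    return hmac.new(fingerprint, label, hashlib.sha256).digest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy counter-mode keystream (hash of key||counter) XORed over the data.
    Symmetric: the same call encrypts and decrypts. Illustration only."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream.extend(hashlib.sha256(key + counter.to_bytes(4, "big")).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_for_host(attrs: dict, plaintext: bytes) -> bytes:
    return keystream_xor(derive_key(host_fingerprint(attrs)), plaintext)

def decrypt_on_host(attrs: dict, ciphertext: bytes) -> bytes:
    return keystream_xor(derive_key(host_fingerprint(attrs)), ciphertext)

# Constructed sample hosts: the infected machine and an analyst's sandbox VM.
VICTIM = {"hostname": "WS-0417", "volume_serial": "1C3F-9A2B", "cpu": "GenuineIntel"}
ANALYST_VM = {"hostname": "SANDBOX01", "volume_serial": "0000-0001", "cpu": "GenuineIntel"}

def demo() -> tuple:
    """Returns (plaintext recovered on the victim, bytes recovered on the sandbox)."""
    beacon = b"beacon: id=WS-0417 stage=1"
    captured = encrypt_for_host(VICTIM, beacon)   # traffic as seen on the wire
    return decrypt_on_host(VICTIM, captured), decrypt_on_host(ANALYST_VM, captured)

if __name__ == "__main__":
    on_victim, on_sandbox = demo()
    print("victim host  :", on_victim)
    print("sandbox host :", on_sandbox)  # unrelated bytes: fingerprint mismatch
```

For an analyst this means the fingerprint inputs (whatever host attributes the real sample hashes) must be captured from the infected machine alongside the sample and the traffic, otherwise the recorded communications stay opaque.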
Source article: "Kaspersky Lab identifies malware MiniDuke", http://pijitsehat.blogspot.com/2013/03/kaspersky-lab-identifies-malware_1.html