Google+ SmartFlio Daily: Trojan Banker Disguised As The WhatsApp For PC

Friday, 24 January 2014

Trojan Banker Disguised As The WhatsApp For PC

With the New Year barely settled in, we are already experiencing a host of IT security threats which, if left unchecked, could lead to a range of ramifications previously unheard of. The most recent and grave of these threats was discovered by Kaspersky Lab (a Russian multinational computer security company that provides antivirus and Internet security software).


The Trojan banker, dubbed the "WhatsApp for PC Trojan", arrives as an email to the unsuspecting victim: "this message says that WhatsApp for PC is finally available and that the recipient already has 11 pending invitations from friends in his account." The email, which the Kaspersky team originally discovered as spam, looks like this:



When the victim makes the unfortunate mistake of clicking, he is immediately sent "to a hacked server in Turkey and will then be redirected to a Hightail (Yousendit) account to download the initial Trojan, which in the system looks like a 64 bits installation file", according to Dmitry Bestuzhev, the Kaspersky Lab expert who broke the news of the discovery.

But that is not all: the analysis went on to find that the supposed 64-bit installation file was actually a "standard 32 bits app with a moderate VT detection".


It gets worse. The creators of this Trojan apparently went to great lengths to keep it under the radar of most anti-virus software: it comes equipped with "some anti-debugging features like: UnhandledExceptionFilter() and RaiseException()". The analysis went on to find that "it downloads a new Trojan that is banker itself", which is even harder to trace because "the malware comes from a server in Brazil and has a low VT detection 3 of 49". It also cleverly camouflages itself by using the icon of an mp3 file, with a small size of 2.5MB. Using the mp3 icon is a clever trick to fool most of us into thinking it is a harmless media file, and consequently click ourselves into trouble.

The creators of this Trojan apparently dotted all their 'I's and crossed all their 'T's, because they coded it in Delphi XE5 from Embarcadero (a rapid application development solution for software developers building true native apps for Windows, Mac, iOS and Android), which makes analysis twice as difficult on top of its anti-debugging features.
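As an added illustration, not code from the original post or from Kaspersky's report, here is a small Python triage check for two of the disguises described above: it reads the Machine field of the PE header so that a file whose name claims to be a 64-bit installer but is really a 32-bit (i386) executable gets flagged, and, generalising the mp3 trick, it flags any file that parses as a Windows executable but whose name suggests a media file. The sample bytes are a constructed minimal PE header rather than the real malware, and the name tags and media-extension list are assumed heuristics.

```python
import struct
from typing import List, Optional

# COFF Machine values from the PE/COFF specification
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664

# Name fragments that suggest a 64-bit build, and media extensions (assumed heuristics)
X64_TAGS = ("x64", "64bit", "64-bit", "64 bits", "win64", "amd64")
MEDIA_EXTS = (".mp3", ".mp4", ".avi", ".wav")


def pe_machine(data: bytes) -> Optional[int]:
    """Return the COFF Machine field of a PE image, or None if the bytes are not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # offset of the "PE\0\0" signature
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return struct.unpack_from("<H", data, e_lfanew + 4)[0]


def triage(name: str, data: bytes) -> List[str]:
    """Return findings for a file that is a PE but presents itself as something else."""
    findings = []
    machine = pe_machine(data)
    if machine is None:
        return findings  # not a Windows executable, nothing to compare against
    lower = name.lower()
    if any(tag in lower for tag in X64_TAGS) and machine == IMAGE_FILE_MACHINE_I386:
        findings.append("name claims 64-bit but PE Machine field is i386 (32-bit)")
    if any(ext in lower for ext in MEDIA_EXTS):
        findings.append("file is a PE but its name looks like a media file")
    return findings


def make_pe(machine: int) -> bytes:
    """Constructed minimal PE header (DOS stub + signature + 20-byte COFF header), not a real binary."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, 0)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    for name, blob in [("WhatsApp_PC_64bits_setup.exe", make_pe(IMAGE_FILE_MACHINE_I386)),
                       ("musica.mp3.exe", make_pe(IMAGE_FILE_MACHINE_I386)),
                       ("setup_x64.exe", make_pe(IMAGE_FILE_MACHINE_AMD64))]:
        print(name, "->", triage(name, blob) or ["no findings"])
```

A real triage pass would also walk the import table for the anti-debugging APIs named above and inspect the icon resource, which this header-only check deliberately leaves out.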


As soon as the malware is installed and running, it begins its malicious duties loyally, reporting "itself to the cybercriminals' infections statistics console" and using local port 1157 to send compromised information "in the Oracle DB format". But it doesn't stop there: the analysis further revealed that after sending compromised data from the infected computer, the malware goes a step further and downloads a "new malware into the system" with an average size of 10Mb.

Malware functioning in this way has classically been linked to Brazilian malware creators; as Dmitry Bestuzhev put it, "This is the classic style of a Brazilian-created malware". But not all is bad: Kaspersky Anti-Virus has been updated to detect and treat this form of malware. When the other anti-virus companies will update their virus databases is a longer-shot question.

The best that those of us who do not use Kaspersky Anti-Virus can do is take precautionary measures: question suspect mails and messages, regularly update our virus databases, and check the official sites for any presumed recent release before believing it. We could also use the power of what we call the "eRipple", which is sharing enlightening information as widely as possible with our close and extended circles to get the word out as fast as possible. This can at least help limit the scale of the attack and prevent otherwise innocent people from becoming the next victims.

Be careful! Stay Vigilant! Enjoy Life!
