Encrypted Malware Scrambles to Evade Defenses
Robert Lemos writes over on SecurityFocus:
A Trojan horse program designed to compromise systems uses the Microsoft Windows' Encrypted File System to scramble its payload and evade detection, warned a researcher at security firm McAfee this week.More here.
The attack tool consists of two main components, a dialer known as Qdial-45 and an encrypted downloader known as Spy-Agent.bf. The dialer disconnects the current modem connection and then dials a premium service for displaying adult content. The downloader uses the Encrypted File System (EFS) to obfuscate itself and retrieves updated content from a list of sites on the Internet.
0 Comments:
Post a Comment
<< Home