Tuesday, May 23, 2006

Matrioshka of Malware



One of the blogs I like to check in on regularly is Kaspersky Labs' blog. Today I noticed an article about a new piece of malware that works like the famous Russian nesting dolls. First it attracts users by spamming their ICQ accounts. Then it uses an encrypted/obfuscated JavaScript to redirect the victim to download a Java applet, similarly obfuscated, which then loads yet another obfuscated applet. That loads another obfuscated page, which downloads a trojan horse, which in turn downloads another trojan horse. The last trojan horse, as reported by Kaspersky Labs, changes on a weekly basis -- currently it has switched to a banking trojan.



So what can we make of this? First and foremost, people fall prey to spam. Nothing new there. Second, it has become in the criminals' interest to slow down the malware analysis process by using a set of complex interactions and scripts. One thing I wish the article had emphasized was how long it took them to analyze each piece, and the chain in total. As they've noted, the last trojan is changing regularly, which implies that the intermediary steps are staying relatively constant. But if those changed as well, I imagine the analysis would take significantly longer each time.



All in all very interesting.
