[Info] Banking Trojan Uses Simple Method to Evade White Hats’ Analysis

#1 ForNesiaFreak (Fake Admin), 05-05-2015 02:59 AM

Dyre banking malware installs only on certain systems

[Image: Banking_Trojan_Uses_Simple_Method_to_Evade_White.jpg]

A new variant of Dyre banking Trojan has emerged with a simple, yet efficient trick that prevents malware researchers from analyzing it.

The malware is also known as Dyreza and was first spotted last year, in June. Since then, its prevalence has increased, with each new version improving its detection-evasion tactics and enlarging the number of financial institutions on the target list.

For malware analysis, researchers rely on virtual machines (VM), software-based solutions that create an isolated space and mimic the hardware components of real-life systems.

To reduce resource usage, the VMs imitate computers with a single CPU core, and it is this default configuration that the latest variants of Dyre are exploiting to prevent inspection of their behavior on an infected computer.

Dyre avoids technologically outdated systems

Security researchers at Seculert found that after compromising a system, the banking Trojan checks how many cores are available. If more than one are detected, the malicious activity is halted immediately, as it is likely to be an analysis environment since today’s computers ship with multi-core processing power.

This behavior was recorded earlier in April by researchers at Sophos, who suggest cranking up the number of processing cores in the VM to at least two.

Aviv Raff, CTO of Seculert, said in a blog post last week that they witnessed Dyre’s evasion tactic on virtual machines from eight vendors, half of the products being non-commercial and publicly available, and the other half consisting of commercial solutions, configured with only one CPU core; they all failed to analyze the malware sample.

“Trying to put ourselves in the mindset of the cyber criminals, it is possible that they conducted their own research and determined that this one particular technique or check was the key to remaining undetected by sandboxing solutions. Subsequently, we have provided the details to the relevant security vendors,” Raff says.


User agents are now more inconspicuous


Dyre is often delivered by Upatre, a popular malware dropper that has seen some improvements of its own. One of them, noticed by Cisco, is changing the user agent used for communication with the command and control (C&C) server, which now looks legitimate and makes it more difficult to detect signs of malicious traffic exchange.

A similar tactic has been observed by Seculert in the new variants of Dyre, in order to trick signature-based malware detection products.


Source: http://news.softpedia.com/news/Banking-Trojan-Uses-Simple-Method-to-Evade-White-Hats-Analysis-480064.shtml

Need Mod
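As an added illustration (this is not Dyre's code and not from the Softpedia article), here is the shape of the processor-core check in portable C, with the decision split out of the OS query so it can be exercised with any core count. The post's sentence about which count triggers the exit reads the opposite way from its own advice to add a second core; the example follows that advice, which matches the documented behaviour: one visible core is taken as the sign of a default-configured analysis VM and the sample bails out, two or more and it proceeds. The function names are the example's own.

```c
/* Added example, not Dyre's code: a processor-core sandbox check of the
 * kind the article describes, written so it runs on Linux and Windows.
 * Assumption: a single online core is treated as the mark of a
 * default-configured analysis VM, which is why giving the VM a second
 * core defeats the check. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <unistd.h>
#endif

/* Number of logical processors visible to the running process.
 * Returns -1 if the query fails on POSIX. */
long online_cores(void)
{
#ifdef _WIN32
    SYSTEM_INFO si;
    GetSystemInfo(&si);
    return (long)si.dwNumberOfProcessors;
#else
    return sysconf(_SC_NPROCESSORS_ONLN);
#endif
}

/* Decision logic kept separate from the OS query so it can be tested
 * with any core count. Returns 1 when the environment should be treated
 * as a single-core sandbox (one core, zero, or a failed query). */
int looks_like_single_core_sandbox(long cores)
{
    return cores < 2;
}

/* Mirrors the bail-out pattern: returns 0 (exit quietly) on a single
 * core, 1 (carry on with the payload) otherwise. The payload here is
 * nothing more than the return value. */
int run_if_real_host(long cores)
{
    if (looks_like_single_core_sandbox(cores)) {
        return 0;   /* a real sample would terminate here */
    }
    return 1;       /* a real sample would continue its activity */
}

int main(void)
{
    long cores = online_cores();
    printf("online cores: %ld -> %s\n", cores,
           run_if_real_host(cores) ? "proceed" : "exit (sandbox suspected)");
    return 0;
}
```

The analyst-side fix is exactly what Sophos recommends above: give the sandbox VM at least two virtual CPUs. For VirtualBox that is `VBoxManage modifyvm <vm-name> --cpus 2` with the VM powered off; other hypervisors expose the same setting in their VM hardware configuration.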

#2 sademin (FNS Member), 05-05-2015 05:40 AM

I can't read English, bro :3 what does it mean, hahaha

However fortunate the one who forgets, more fortunate still is the one who remembers and stays watchful

#3 djtechwork (HunteR), 05-05-2015 01:39 PM

Thank God, I don't have money in the bank. So, no need to worry about the trojan..

idk

#4 dodi (Anime Lovers), 05-05-2015 03:25 PM

So this is a new kind of virus, bro, one that slips past antivirus detection?


#5 crippledmoron (HunteR), 06-26-2015 12:35 AM

So ... eventually a thief will always find a way to infiltrate a system ..

It's just a matter of when and will .. lol ... please define safe???? No one and nothing is safe now.

CrippledMoron | Walk Alone If You Want To Travel Fast, But Walk Together If You Want To Travel Far

#6 senoya (FNS Member), 06-29-2015 12:26 AM

Recently, I also found a lot of spyware, adware and malware on my notebook; I think it had been there for a year but I wasn't aware of it.

Spyware, adware or malware are very dangerous to our personal information, bank accounts, etc. They generate a new variant every day, so be careful guys.

senoya, proud to be a member of ForNesia Family since Sep 2014. And I like Kimcil.