
[Info] Banking Trojan Uses Simple Method to Evade White Hats’ Analysis

05-05-2015 02:59 AM Banking Trojan Uses Simple Method to Evade White Hats’ Analysis

ForNesiaFreak Away
Fake Admin
Lightning Immortals

Posts: 1,419
Joined: Jan 2014


FCoin: 28,761.40ƒc

Wing of ForNesia | Extreme Staff | Trusted Person
Dyre banking malware installs only on certain systems


A new variant of Dyre banking Trojan has emerged with a simple, yet efficient trick that prevents malware researchers from analyzing it.

The malware is also known as Dyreza and was first spotted last year, in June. Since then, its prevalence increased, each new version improving its detection evasion tactics and enlarging the number of financial institutions on the target list.

For malware analysis, researchers rely on virtual machines (VM), software-based solutions that create an isolated space and mimic the hardware components of real-life systems.

To reduce resource usage, the VMs imitate computers with a single CPU core, and it is this default configuration that the latest variants of Dyre are exploiting to prevent inspection of their behavior on an infected computer.

Dyre avoids technologically outdated systems

Security researchers at Seculert found that after compromising a system, the banking Trojan checks how many cores are available. If more than one is detected, the malicious activity is halted immediately, as it is likely to be an analysis environment, since today’s computers ship with multi-core processing power.

This behavior was recorded earlier in April by researchers at Sophos, who suggest cranking up the number of processing cores in the VM to at least two.

Aviv Raff, CTO of Seculert, said in a blog post last week that they witnessed Dyre’s evasion tactic on virtual machines from eight vendors, half of the products being non-commercial and publicly available, and the other half consisting of commercial solutions, configured with only one CPU core; they all failed to analyze the malware sample.

“Trying to put ourselves in the mindset of the cyber criminals, it is possible that they conducted their own research and determined that this one particular technique or check was the key to remaining undetected by sandboxing solutions. Subsequently, we have provided the details to the relevant security vendors,” Raff says.

User agents are now more inconspicuous

Dyre is often delivered by Upatre, a popular malware dropper that has seen some improvements of its own. One of them, noticed by Cisco, is changing the user agent used for communication with the command and control (C&C) server, which now looks legitimate and makes it more difficult to detect signs of malicious traffic exchange.

A similar tactic has been observed by Seculert in the new variants of Dyre in order to trick signature-based malware detection products.

Source:
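As an added example (not from the article, Seculert or Sophos), a defender-side Python check built on the two facts the post gives: analysis guests commonly default to a single vCPU, and the suggested fix is at least two cores. It flags a detonation guest that still exposes one vCPU and, after a run, marks a sample that exited immediately with no network or file activity on such a guest for a rerun on a multi-core profile; the record layout, the five-second threshold and the sample names are constructed assumptions.

```python
# Added example: pre-flight and post-run triage for a detonation guest.
# Record layout, thresholds and sample names are constructed assumptions.
import os
from dataclasses import dataclass

MIN_VCPUS = 2  # the article quotes Sophos: give the VM at least two cores

@dataclass
class RunRecord:
    sample: str
    vcpus: int            # logical CPUs the guest exposed during the run
    seconds_alive: float  # wall time until the sample's process tree exited
    net_connections: int  # outbound connections observed
    files_written: int    # files created or modified by the sample

def guest_vcpus() -> int:
    """Logical CPU count this guest reports, i.e. what a sample would see."""
    return os.cpu_count() or 1

def preflight(vcpus: int) -> list:
    """Configuration problems to fix before detonating anything."""
    issues = []
    if vcpus < MIN_VCPUS:
        issues.append(f"guest exposes {vcpus} vCPU; raise to >= {MIN_VCPUS}")
    return issues

def triage(rec: RunRecord, quiet_secs: float = 5.0) -> str:
    """A sample that quits at once with no network or disk activity on a
    single-vCPU guest matches the behaviour the article describes: rerun it
    on a multi-core profile before writing it off as inert."""
    idle = rec.net_connections == 0 and rec.files_written == 0
    early_exit = rec.seconds_alive < quiet_secs
    if early_exit and idle and rec.vcpus < MIN_VCPUS:
        return f"evasion-suspected: rerun with >= {MIN_VCPUS} vCPUs"
    if early_exit and idle:
        return "inert: no activity even on a multi-core guest"
    return "executed: activity observed"

# Constructed records, not real telemetry.
RUNS = [
    RunRecord("sample-a.exe", 1, 0.8, 0, 0),
    RunRecord("sample-a.exe", 2, 120.0, 4, 3),
    RunRecord("sample-b.exe", 2, 1.1, 0, 0),
]
if __name__ == "__main__":
    for issue in preflight(guest_vcpus()):
        print("preflight:", issue)
    for r in RUNS:
        print(f"{r.sample} on {r.vcpus} vCPU -> {triage(r)}")
```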


05-05-2015 05:40 AM RE: Banking Trojan Uses Simple Method to Evade White Hats’ Analysis

sademin Away
FNS Member

Posts: 122
Joined: Jun 2014


FCoin: 2.36ƒc
I can't speak English, bro :3 what does it mean hahaha

However lucky the one who forgets may be, luckier still is the one who remembers and stays vigilant
05-05-2015 01:39 PM RE: Banking Trojan Uses Simple Method to Evade White Hats’ Analysis

djtechwork Away

Posts: 40
Joined: Dec 2014


FCoin: 2.20ƒc
Thank God, I don't have money in the bank. So, no need to worry about the trojan..

05-05-2015 03:25 PM RE: Banking Trojan Uses Simple Method to Evade White Hats’ Analysis

dodi Away
Neubie Lovers
Anime Lovers

Posts: 248
Joined: Dec 2014


FCoin: 200.71ƒc
Is this a new kind of virus, bro, one that slips past antivirus detection?

06-26-2015 12:35 AM RE: Banking Trojan Uses Simple Method to Evade White Hats’ Analysis

crippledmoron Away

Posts: 46
Joined: Jun 2015


FCoin: 2.05ƒc
So ... eventually a thief will always find a way to infiltrate a system ..

It's just a matter of when and will .. lol .. . please define safe ???? no one and nothing is safe now .

CrippledMoron | Walk Alone If You Want To Travel Fast, But Walk Together If You Want To Travel Far
06-29-2015 12:26 AM RE: Banking Trojan Uses Simple Method to Evade White Hats’ Analysis

senoya Away
FNS Member

Posts: 134
Joined: Sep 2014


FCoin: 236.74ƒc
Recently, I also found many spyware, adware and malware in my notebook. I think it has been there for a year, but I wasn't aware.

Spyware, adware or malware are very dangerous to our personal information, bank account, etc. They generate a new variant every day, so be careful guys

senoya, proud to be a member of ForNesia Family since Sep 2014. And I like Kimcil.
