Thursday, September 07, 2006

Encrypted Malware Scrambles to Evade Defenses

Robert Lemos writes over on SecurityFocus:

A Trojan horse program designed to compromise systems uses the Microsoft Windows' Encrypted File System to scramble its payload and evade detection, warned a researcher at security firm McAfee this week.

The attack tool consists of two main components, a dialer known as Qdial-45 and an encrypted downloader known as Spy-Agent.bf. The dialer disconnects the current modem connection and then dials a premium service for displaying adult content. The downloader uses the Encrypted File System (EFS) to obfuscate itself and retrieves updated content from a list of sites on the Internet.

More here.
