
Not a New Technique in Operation Shaheen Attack

Bitdefender Enterprise

November 22, 2018


The advanced attack targeting Pakistan described by Cylance mentions an evasion technique that incapacitates the security solutions provided by 8 vendors. Bitdefender products have been successfully blocking this threat since 2016. We conducted our own analysis of this malware and have new findings to share.

1. The evasion technique described by Cylance in the paper is not a mechanism for bypassing the 8 security solutions, but a shutdown mechanism that renders the malware inactive. Once the malware identifies the presence of a Bitdefender security solution, it shuts itself down.

2. As long as the malware stays inactive, it cannot perform any malicious operations on the machine or on the network.

3. As soon as the malware activates and is executed, it is immediately picked up by Bitdefender.

4. The choice to render the malware inactive on systems where Bitdefender solutions are present is most likely related to the fact that Bitdefender was already successfully detecting the RTF exploit. Both our internal testing and the VirusTotal sample submissions show that our solutions were able to pick the malware up.

5. This technique of shutting the malware down in the presence of a security solution is nothing new or unusual. Several other malware families contain code that stops execution under specific circumstances to avoid raising alarms.

Here at Bitdefender we take security extremely seriously. Our internal analysis shows that most of the samples mentioned by Cylance in the report have been detected by all Bitdefender security solutions since 2016, both via signatures and via behavioral technologies.

Customers running the Bitdefender Elite HD product were also covered by detection via machine learning technologies (Gen:Illusion.ML.Skyline.B and Gen:Illusion.ML.Miura.C) as well as via neural network technologies (Gen:NN.ZemsilN.22810, Gen:NN.ZelphiN.22810.KGW).

For the past 8 years, Bitdefender's detection technologies have received numerous accolades from independent testing organizations such as AV-Test and AV-Comparatives. Our detection technologies are licensed by almost 40% of competing antimalware vendors, which once again underlines the effectiveness of our capability to detect emerging malware and targeted attacks.



Bitdefender Enterprise

Bitdefender is a global security technology company that delivers solutions in more than 100 countries through a network of value-added alliances, distributors and reseller partners. Since 2001, Bitdefender has consistently produced award-winning business and consumer security technology, and is a leading security provider in virtualization and cloud technologies. Through R&D, alliances and partnership teams, Bitdefender has elevated the highest standards of security excellence in both its number-one-ranked technology and its strategic alliances with the world’s leading virtualization and cloud technology providers.
