
Malware Trivia: Episode 2

Bogdan BOTEZATU

February 07, 2011

1. "Rootkit infection" is a term that is often thrown around, but it seems like a catch-all term for many different serious threats. What exactly constitutes a rootkit infection? Are there specific attributes and files that malware has to affect in order to be a rootkit? Many rootkit infections seem to come back, even when removed with AV software, so why are they so difficult to get rid of? – Question asked by Aegaeon

Rootkit infections are caused by malware that comes bundled with a rootkit, which is usually a system driver that subverts the operating system. Once installed, it can alter critical features of the operating system or even impair some antivirus solutions. Generally, malware that can install a user-mode or kernel-mode driver is labeled as a rootkit. There are also hypervisor-mode rootkits and bootkits, but they are pretty rare. Rootkit infections pose a particular danger because they are usually capable of fooling the very systems that should detect them. However, antimalware solutions with anti-rootkit defenses can successfully detect and eliminate these threats.

2. Can you give an overview on any specific botnet's command and control structure (e.g. Conficker, Waledac, Zeus)? Why is it so hard for authorities to take these down? What type of cryptographic mechanisms do they have to protect themselves? – Question asked by Aegaeon

These botnets are extremely complex and we’ll discuss them in detail in upcoming articles. Most of the time, authorities are unable to track and terminate them because of a lack of resources, a lack of cooperation between organizations (such as between law enforcement agencies and ISPs), or simply because monitoring the C&Cs requires them to break into the servers hosting them, which is illegal in most countries. More than that, today’s botnets are made up of computers infected with sophisticated malware that uses multiple layers of protection to run undetected and download updated versions of highly obfuscated bots.

3. Obfuscation is used frequently in today's malware. How do the bad guys obfuscate their code so that it still works and is not detected by AV engines? What do the engineers at BitDefender have to do so that their security software detects the malicious code within the obfuscated mess?

The most frequently encountered method of obfuscation is packing. Malware authors use a wide range of custom, non-commercial and very complex packers (also known as FUD, for "fully undetectable") to hide their malicious payloads. We have seen instances of malware that would change their packer 5 or 6 times per day in order to avoid detection. To fight obfuscation, BitDefender has complemented traditional string scanners with additional protection technologies, such as sandboxing, heuristics and behavioral analysis, which allow the antivirus to detect malicious code that has been highly obfuscated.
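The following added example (not from the original post, and not BitDefender's engine) illustrates why a packed payload defeats a plain string scanner and how two of the complementary techniques named above, an entropy heuristic and a sandbox-style unpack step, recover detection. The sample bytes and the marker string are constructed for the demo; the "packer" is a stand-in XOR with a seeded keystream, since the point is the detection side, not any real packer.

```python
import math
import random
from collections import Counter

# Constructed sample data (not real malware). SIGNATURE is an arbitrary marker
# standing in for a byte pattern a string scanner would carry in its database.
SIGNATURE = b"DEMO-SIGNATURE-STRING"
UNPACKED_SAMPLE = (b"Constructed stand-in for an unpacked executable body. " * 24) + SIGNATURE


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: low for repetitive text/code, close to 8 for
    compressed or encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def string_scan(data: bytes, signature: bytes = SIGNATURE) -> bool:
    """Traditional detection: flag the sample if a known byte pattern is present."""
    return signature in data


def keystream(length: int, seed: int = 20110207) -> bytes:
    """Deterministic pseudo-random bytes; the seed is arbitrary (the article date)."""
    rnd = random.Random(seed)
    return bytes(rnd.getrandbits(8) for _ in range(length))


def pack(data: bytes) -> bytes:
    """Stand-in packer (assumption): XOR with a keystream removes every plaintext
    string. Real packers compress or encrypt the payload and prepend a stub that
    restores it in memory at run time."""
    return bytes(p ^ k for p, k in zip(data, keystream(len(data))))


def unpack(data: bytes) -> bytes:
    """What a sandbox or emulator obtains by letting the stub run: the original
    bytes. XOR with the same keystream is its own inverse."""
    return pack(data)


def entropy_heuristic(data: bytes, threshold: float = 7.0) -> bool:
    """Heuristic detection: unusually high entropy suggests packed content.
    Legitimate installers and media also score high, so this is a signal that
    triggers deeper analysis, not a verdict on its own."""
    return shannon_entropy(data) > threshold


def analyze(data: bytes) -> dict:
    """Layered verdict: string scan on the raw bytes, entropy heuristic, and a
    second string scan on the unpacked bytes when the heuristic fires."""
    raw_hit = string_scan(data)
    looks_packed = entropy_heuristic(data)
    after_unpack = string_scan(unpack(data)) if looks_packed else raw_hit
    return {
        "signature_hit": raw_hit,
        "entropy": round(shannon_entropy(data), 2),
        "looks_packed": looks_packed,
        "signature_hit_after_unpack": after_unpack,
    }


if __name__ == "__main__":
    print("unpacked:", analyze(UNPACKED_SAMPLE))
    print("packed:  ", analyze(pack(UNPACKED_SAMPLE)))
```

Run stand-alone, the unpacked sample is caught by the string scan alone, while the packed copy passes the string scan, scores near 8 bits per byte, and is only caught once the unpack step restores the original bytes. Swapping the packer (or its key) every few hours, as the answer above describes, changes the packed bytes but not this outcome, which is why the heuristic and sandbox layers matter.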

4. Why do mobile phones need to be protected? – Question asked by Waran

A large part of the mobile phone market is currently made up of smartphones – high-end phones running a fully-fledged operating system and supporting the installation of third-party applications. Just like desktop PCs, laptops or netbooks, these smartphones can be successfully exploited by malware, either via vulnerabilities in the operating system or through the installation of an infected application such as a game or a rogue media player.

While some of these malicious applications can harvest contact details and login credentials used in mobile browsing sessions, others can actually leave you in debt. One of the most important e-threats on the mobile market is the dialer Trojan, a piece of malware that had its heyday in the dial-up internet era and is now making a comeback on mobile handsets. These dialers can stealthily call premium-rate numbers and add the charges to your bill. Leaving your smartphone unprotected can be similar to writing a blank check to cyber-criminals.
