
Phishing Trojan Campaign Morphs at Scale to Defeat Legacy Detection


Phishing attacks are nothing new, but we are noticing a new trend toward polymorphism, both in the wrapping document and in the dropped executable. In samples that are literally minutes old, we see the control server re-obfuscating and updating the malware faster than anti-virus vendors can ship signatures for it.

The changes made are more than trivial substitution: hashes, byte patterns and string constants all differ from one sample to the next. As a result, signature-based perimeter and endpoint AV has nothing to match on, and the malicious document reaches end users and infects them. Fresh malware of this kind is only recognised after it runs: you learn what it does by watching it execute, not by matching what it looks like on disk.
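To make the point concrete, here is an added Python example (not Bromium's code) that models a polymorphic dropper stub and compares three detection strategies against it. The "payload" is a constructed, benign action string, and the obfuscation (per-sample XOR key, random variable names, junk assignments) is a deliberately simple stand-in for what the campaign does; the names, signature and seed are all assumptions for illustration. The hash and string-signature checks fail on every generated variant, while detonating the variant and inspecting its decoded behaviour catches all of them.

```python
"""Polymorphic dropper stub versus hash, string-signature and behavioural detection.
Added example, not code from the original page. Payload and obfuscation are constructed."""
import hashlib
import random
import re
import string

# Constructed, benign stand-in for what the dropper does once decoded (its behaviour).
PAYLOAD = "download https://example.invalid/invoice.exe ; run invoice.exe"

# What a legacy string signature looks for: indicators taken from the decoded payload.
STATIC_SIGNATURE = re.compile(r"invoice\.exe|example\.invalid")


def _rand_name(rng: random.Random, idx: int) -> str:
    """Random lowercase identifier; the numeric suffix keeps generated names distinct."""
    letters = "".join(rng.choice(string.ascii_lowercase) for _ in range(rng.randrange(5, 12)))
    return f"{letters}{idx}"


def polymorph(payload: str, rng: random.Random) -> str:
    """Emit one variant of the decoder stub: a fresh single-byte XOR key, the payload
    stored as a list of integers, randomly named variables and a random number of junk
    assignments. Every emitted file differs in bytes and hash; the decoded behaviour
    (bound to ACTIONS when the stub runs) is identical."""
    key = rng.randrange(1, 256)
    encoded = ",".join(str(ord(c) ^ key) for c in payload)
    buf, k, out = (_rand_name(rng, i) for i in range(3))
    junk = "\n".join(f"{_rand_name(rng, 10 + i)} = {rng.randrange(10**6)}"
                     for i in range(rng.randrange(1, 6)))
    return (
        f"{junk}\n"
        f"{buf} = [{encoded}]\n"
        f"{k} = {key}\n"
        f"{out} = ''.join(chr(b ^ {k}) for b in {buf})\n"
        f"ACTIONS = {out}\n"
    )


def sha256_hex(text: str) -> str:
    """Hash-based detection: a blocklist of hashes only ever matches the sample it came from."""
    return hashlib.sha256(text.encode()).hexdigest()


def static_match(variant: str) -> bool:
    """Signature scan of the file as delivered. Returns False for every variant, because the
    indicators only exist after decoding and nothing in the stub is a stable byte pattern."""
    return STATIC_SIGNATURE.search(variant) is not None


def detonate(variant: str) -> str:
    """Run the stub in a namespace where only `chr` is available and read back what it
    decoded. This stands in for observing the sample in a sandbox or micro-VM: the
    behaviour is recovered by execution, not by inspecting the bytes."""
    ns = {"__builtins__": {"chr": chr}}
    exec(variant, ns)
    return ns["ACTIONS"]


def behavioural_match(variant: str) -> bool:
    """Apply the same indicators to the decoded behaviour rather than to the file."""
    return STATIC_SIGNATURE.search(detonate(variant)) is not None


def compare_detection(n_variants: int = 50, seed: int = 7) -> dict:
    """Generate n variants from one payload and count what each strategy catches."""
    rng = random.Random(seed)
    variants = [polymorph(PAYLOAD, rng) for _ in range(n_variants)]
    return {
        "unique_hashes": len({sha256_hex(v) for v in variants}),
        "static_hits": sum(static_match(v) for v in variants),
        "behavioural_hits": sum(behavioural_match(v) for v in variants),
    }


if __name__ == "__main__":
    print(compare_detection())
```

Running `compare_detection()` gives 50 distinct hashes, 0 static-signature hits and 50 behavioural hits: a hash blocklist is useless after the first sample, a string signature never fires on the delivered file, and only execution exposes the constant behaviour underneath. Real samples layer far more than a single XOR on top of this, but the asymmetry is the same.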

Here’s one example we saw earlier today. It’s a fairly standard phishing template and, using data stolen by the Trojan from other infected machines, pretends to be from a friend or acquaintance of the recipient. The email encourages the potential victim to click a link to download an alleged invoice.

Upon clicking the link, a document downloads. This is what the email led the user to expect, so they open it. Here is the malicious document running inside a micro-VM, opened in front of the user who clicked on the phishing link:

Again, this is fairly standard; and as we see so often, where macros are enabled the malware detonates without any further user interaction at all. For users who have macros disabled, the document carries the usual social engineering lure to trick them into turning macros on.

Using Bromium Secure Platform, this document has been isolated in a lightweight micro-VM. This is transparent to the user, but our hardware-based isolation allows us to safely continue execution of the malicious code, giving us a unique insight into what it is doing. This analysis is instantly fed back to our customer’s security team.

Read the entire article here, Phishing Trojan Campaign Morphs at Scale to Defeat Legacy Detection

via the fine folks at Bromium

About Bromium: Bromium was founded in 2010 with a mission to restore trust in computing. The company’s founders, Gaurav Banga, Simon Crosby, and Ian Pratt, have a long and deep history of innovation in virtualization and security. Inspired by the isolation principles of traditional virtualization, the Bromium team has created a game-changing new technology called micro-virtualization to address the enterprise security problem and provide protection for end users against advanced malware. Bromium has its headquarters in Cupertino, California, and an R&D center in Cambridge, UK. The company is backed by top-tier investors, including Andreessen Horowitz, Ignition Capital, Highland Capital Partners, Intel Capital, Meritech Capital and Lightspeed Venture Partners.
