Web Based Malware Gets Smart(er) and Nasty
Watching the ongoing development of web based malware, we see an escalation of features, along with the commoditization of anti-debugging features within modern malware. The "plain" feature sets that in February of this year were being advertised as managed binary crypting and on-demand firewall bypass verification have matured, by August, into an overall anti-antivirus mentality as the key differentiating factor between malware kits.
So what new features are they working on? Anti-tracing and emulation protection, PEiD and PESniffer protection, as well as anti-heuristic scanning.
Here’s a translated description (courtesy of the fine minds at Kaspersky):
“- The binary works under admin and under a normal user
- The binary is always run as the “current user”
- An unlimited number of bots can be loaded and integrated within the command and control, and with the geolocation feature, filters can be applied for a particular country
- After successful infection, the binary, which is tested against popular firewall and proactive protection security, ensures that the actions it takes and their order do not trigger the proactive protection mechanisms in place
- Binary file size is 25k; the size can be reduced once it’s crypted
- Doesn’t take advantage of the BITS protocol
- Doesn’t allow an infected host to be infected twice
- Bypassing NAT and supporting “always-on” connections
- A simple, easy to configure web based admin panel”
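The "PEiD protection" mentioned above refers to the way PEiD and similar tools identify a packer or crypter: by default they compare the bytes at the PE entry point against a database of byte signatures with wildcards. A crypter defeats that check by putting a throwaway prologue at the entry point and moving the real stub elsewhere, which is why analysts fall back to a slower whole-file scan. The scanner below is an added example written for this page, not the tool's own code or anything from the malware described; the two signatures are written in PEiD userdb syntax but are illustrative rather than copied from a real database, and the two "samples" are minimal hand-built PE32 images, not malware.

```python
"""PEiD-style entry-point signature scan, as an added example.

Everything here is constructed for illustration: the two signatures are
written in PEiD userdb syntax but are not copied from a real database,
and the two "samples" are minimal hand-built PE32 images, not malware.
"""
import struct

# Constructed signatures in PEiD userdb syntax ("??" is a wildcard byte).
SIGNATURE_DB = {
    "UPX-like stub (illustrative)":
        "60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF EB 10",
    "Pushad/Pushfd prologue (illustrative)":
        "60 9C",
}


def parse_signature(text):
    """'60 ?? 8D' -> [0x60, None, 0x8D]; None matches any byte."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def match_at(data, offset, pattern):
    """True if pattern matches data at offset (wildcards allowed)."""
    if offset < 0 or offset + len(pattern) > len(data):
        return False
    return all(p is None or data[offset + i] == p for i, p in enumerate(pattern))


def pe_entry_point_offset(pe):
    """File offset of AddressOfEntryPoint, resolved through the section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]   # AddressOfEntryPoint
    sections = opt + size_of_opt
    for i in range(num_sections):
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", pe, sections + 40 * i + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            return entry_rva - vaddr + rawptr
    raise ValueError("entry point is not inside any section")


def identify(pe, db=SIGNATURE_DB, ep_only=True):
    """Names of matching signatures. ep_only=True mirrors PEiD's default
    (entry-point only) mode; ep_only=False is the slower whole-file scan."""
    ep = pe_entry_point_offset(pe)
    hits = []
    for name, text in db.items():
        pat = parse_signature(text)
        if ep_only:
            found = match_at(pe, ep, pat)
        else:
            found = any(match_at(pe, off, pat) for off in range(len(pe) - len(pat) + 1))
        if found:
            hits.append(name)
    return hits


def build_sample_pe(section_bytes, entry_offset=0):
    """Hand-built single-section PE32; entry point = section RVA + entry_offset."""
    section_rva, raw_ptr, raw_size = 0x1000, 0x200, 0x200
    if len(section_bytes) > raw_size:
        raise ValueError("section too large for this toy builder")
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, one section
    opt = struct.pack("<HBBIIII", 0x10B, 14, 0, raw_size, 0, 0, section_rva + entry_offset)
    opt += b"\0" * (224 - len(opt))                                 # rest of optional header
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(section_bytes), section_rva,
                       raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(raw_ptr, b"\0")
    return headers + section_bytes.ljust(raw_size, b"\0")


# pushad; mov esi,imm32; lea edi,[esi+imm32]; push edi; or ebp,-1; jmp +0x10
UPX_LIKE_STUB = bytes.fromhex("60 BE 00 90 40 00 8D BE 00 70 FF FF 57 83 CD FF EB 10")

# "Packed": the packer stub sits right at the entry point, so the EP scan hits.
PACKED_SAMPLE = build_sample_pe(UPX_LIKE_STUB)

# "Crypted": a throwaway prologue (pushad; pushfd; jmp over 0x20 junk bytes)
# occupies the entry point and the real stub only follows later.
CRYPTED_SAMPLE = build_sample_pe(
    bytes.fromhex("60 9C E9 20 00 00 00") + b"\xCC" * 0x20 + UPX_LIKE_STUB)

if __name__ == "__main__":
    for label, sample in (("packed", PACKED_SAMPLE), ("crypted", CRYPTED_SAMPLE)):
        print(label, "EP-only:", identify(sample), "deep:", identify(sample, ep_only=False))
```

On the "packed" sample the entry-point scan names the stub; on the "crypted" sample it sees only a generic pushad/pushfd prologue, and the stub is recovered only by the whole-file scan. That is the whole trick being sold as PEiD protection: nothing about the stub changes, it is just no longer where the default scan looks.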