
    Friday, December 23, 2011

    Encrypted Malware inside JPEG Image file - New method by malware writers




    Dmitry Bestuzhev (@KasperskyLab) discovered a new malware infection method. He found encrypted malware hidden inside a JPEG image file (it has a BMP file structure). After further analysis, he found that the attacker used a block cipher method.

    This is what the malicious program looked like after decryption:



    By using this technique, the virus creators kill several birds with one stone.
    • Firstly, it may cause automatic malware analysis systems to function incorrectly: the file would be downloaded and analyzed by the antivirus program, and given the all-clear; with time the link will be exempted from checks altogether.
    • Secondly, the administrators of the sites where such encrypted malicious files are hosted won’t be able to identify them as malicious and will leave them as they are.
    • Thirdly, some malware researchers may not have the time or necessary expertise to deal with them. All of this plays into the hands of the cybercriminals.
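
A file served as a JPEG that actually has a BMP structure and carries block-cipher output can be triaged on the defender's side by comparing the file name with its magic bytes and measuring the entropy of the pixel region. The following is an added example, not code from the original post or from Kaspersky; the function names, the 7.5 bits/byte threshold and the sample inputs are assumptions constructed for illustration.

```python
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values close to 8.0 are typical of encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def inspect_image(name: str, data: bytes, threshold: float = 7.5) -> dict:
    """Report a JPEG-named file with BMP structure and measure its payload entropy.

    threshold is an assumed heuristic cut-off, not a value from the post.
    """
    claims_jpeg = name.lower().endswith((".jpg", ".jpeg"))
    is_bmp = len(data) >= 14 and data[:2] == b"BM"
    report = {"mismatch": claims_jpeg and is_bmp, "entropy": None,
              "likely_encrypted": False}
    if report["mismatch"]:
        # BITMAPFILEHEADER after 'BM': file size, two reserved words,
        # then the offset at which the pixel array starts.
        _size, _r1, _r2, pix_off = struct.unpack_from("<IHHI", data, 2)
        if not 14 <= pix_off < len(data):
            pix_off = 14  # malformed offset: measure everything after the header
        report["entropy"] = shannon_entropy(data[pix_off:])
        report["likely_encrypted"] = report["entropy"] >= threshold
    return report

def make_bmp(pixels: bytes) -> bytes:
    """Constructed sample: 14-byte file header, 40-byte info header, then pixels."""
    info = struct.pack("<IiiHHIIiiII", 40, 1, 1, 1, 24, 0, len(pixels), 0, 0, 0, 0)
    head = b"BM" + struct.pack("<IHHI", 54 + len(pixels), 0, 0, 54)
    return head + info + pixels

if __name__ == "__main__":
    samples = {  # constructed inputs, not files from the incident
        "flat.jpg": make_bmp(b"\x10\x20\x30" * 1000),
        "blob.jpg": make_bmp(bytes(range(256)) * 16),
        "real.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
    }
    for name, data in samples.items():
        print(name, inspect_image(name, data))
```

The name/structure mismatch is the stronger signal; the entropy score is a triage hint, since noisy uncompressed bitmaps can also score high.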

    This is the decryption script for the current status:
