Self-cloaking malware



EH-Net Columnist
EH-Net Columnist

Posts: 49

Joined: Sat Sep 23, 2006 9:55 am

Post Tue Jun 05, 2007 7:05 pm

Self-cloaking malware

I just read an article that is about malware that is brilliant and unbelievably frightening simultaneously.  Basically, if an infected machine is told to go to a hostile site and it has (the machine) already visited the site, the ip address is used to filter the infected machine to a "benign" page. 

It goes without saying how much more difficult this can make it to identify what exactly is happening on the target machine.  The full article is here: http://www.vnunet.com/vnunet/news/21912 ... re-evasive

If you don't mind the minor headache of having to temporarily allow scripts to run, I highly recommend noscript.net


Post Wed Jun 06, 2007 12:46 pm

Re: Self-cloaking malware

Malware authors are using more and more tricks to hide their tracks and block inspection by security professionals. Encoded malware, selective delivery based on the browser type and many other techniques are regularly employed.

It keeps us on our toes I suppose. Never a dull moment.


Return to RichM

Who is online

Users browsing this forum: No registered users and 0 guests

Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software