Malware

What is Malware?

Malware is an umbrella term for the many kinds of malicious programs that are delivered to and installed on end-user systems and servers. These programs are commonly grouped into categories such as:

  • Ransomware – prevents access to files unless a fee is paid
  • Backdoors – let remote users access a system and possibly move laterally
  • Banking Trojans – view or steal banking credentials to access accounts
  • Keyloggers – capture typing, especially credentials
  • Stealers – steal data such as contacts, browser passwords, etc.
  • RATs – remote access tools that give broad remote control capability
  • Downloaders – download other malware, depending on a number of factors
  • POS malware – compromises a point-of-sale device to steal credit card numbers, debit card and PIN numbers, transaction history, and more

More sophisticated malware will combine the capabilities of more than one of the above, and we frequently see malware employing evasion tactics to avoid detection.

[Figure: A snippet of variable initialization code from the large array of encoded strings]

Evasion Techniques

Evasion techniques are an important topic, because the effectiveness of security tools drops when attackers apply one or more of them successfully. A subset of these techniques is listed below:

  • Code obfuscation – use of encoding to hide code syntax
  • Code compression – use of compression formats like gzip, zip, rar, etc. to hide code syntax
  • Code encryption – apply any number of encryption techniques to hide code syntax
  • Steganography – hide code or programs in images
  • Domain or IP range avoidance – identify domains or IPs owned by security companies and deactivate malware if it is in those locations
  • User action detection – look for actions like right or left clicks, mouse moves, and more
  • Time delays – lie dormant for a period of time, then activate
  • Recent file detection – look for past actions like opening and closing files from multiple applications
  • Device fingerprinting – only execute on certain system configurations

Attackers can employ one or more of these evasion techniques to give their malware a better chance of avoiding detection and of running only on systems operated by real people.

Malware Within Organizations

Malware has been seen attacking organizations in nearly every vertical. While some criminals use malware to attack an organization directly, we have also seen malware campaigns that sidestep the usual delivery channel, email.

Companies that rely on exchanging documents with outside parties have proven to be attractive targets for criminals. Because every organization depends on people, criminals have keyed into the opportunity to push malware into targeted companies through the HR function. By uploading resumes directly or sending them through recruiting job sites, attackers have been able to deliver resumes straight to employees while avoiding a key detection mechanism, the secure email gateway.
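One defensive check for that upload path, added here as an example and not Proofpoint's code: validate uploaded resumes by their content rather than their file extension, and hold macro-bearing documents for scanning instead of passing them to staff. Assumed for the example: the careers portal accepts only PDF and OOXML (.docx/.docm) files, and every sample input is constructed inline.

```python
import io
import zipfile

# Content sniffing by magic bytes; the upload's extension is never trusted.
# Assumption (constructed): the portal expects only PDF or OOXML resumes.
MAGIC = {b"%PDF-": "pdf", b"PK\x03\x04": "zip", b"MZ": "pe"}
EXPECTED_EXT = {"pdf": {"pdf"}, "zip": {"docx", "docm"}}

def sniff(data: bytes) -> str:
    """Return the format implied by the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def ooxml_has_macros(data: bytes) -> bool:
    """OOXML files are ZIP containers; VBA macros live in vbaProject.bin."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def assess_upload(filename: str, data: bytes) -> str:
    """Verdict for one uploaded file: accept, quarantine or reject."""
    kind = sniff(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if kind in ("pe", "unknown"):
        return "reject"                      # executables or unrecognised content
    if ext not in EXPECTED_EXT[kind]:
        return "reject"                      # body does not match the claimed extension
    if kind == "zip" and ooxml_has_macros(data):
        return "quarantine"                  # active content: hold for sandbox/AV review
    return "accept"

def build_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML container used as sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed")
    return buf.getvalue()

SAMPLES = {  # constructed uploads, not real files
    "resume.pdf": b"%PDF-1.7 constructed",
    "resume.docx": build_docx(False),
    "resume.docm": build_docx(True),
    "cv.pdf": b"MZ\x90\x00constructed",  # executable renamed to look like a PDF
}
```

Running `assess_upload` over `SAMPLES` accepts the two clean documents, quarantines the macro-bearing one, and rejects the renamed executable.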


Read More About Malware

Article

Backdoored Litecoin Wallet Spread via Typosquatted Domains

Cryptocurrencies are increasingly being used for mainstream applications, outside of the dark web markets where they still dominate for anonymous payments.


Article

Meet Ovidiy Stealer: Bringing credential theft to the masses

Proofpoint threat researchers recently analyzed Ovidiy Stealer, a previously undocumented credential stealer which appears to be marketed primarily in the Russian-speaking regions.


Article

Threat actor goes on a Chrome extension hijacking spree

Chrome Extensions are a powerful means of adding functionality to the Chrome browser with features ranging from easier posting of content on social media to integrated developer tools.


White Paper

The Human Factor 2017

Today’s advanced attacks focus more on exploiting human flaws than system flaws. To explore this under-reported aspect of enterprise threats, we created The Human Factor Report.
