MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely tied to the field of intelligence.

2.2.09

Drive-by Update to spread malware

It is nothing new to say that today's malicious code has increasingly aggressive capabilities, which serve not only to carry out the classic infection action but also to perform other activities, such as downloading a whole battery of malware onto the victim's system.

Drive-by Update lets the malware establish a covert connection to a remote server hosting a plain-text file that drives the propagation maneuver: it tells the component responsible for the primary infection which files (malware) to download next, and from where.

Thus, from the moment of infection, with all the drawbacks this entails, the machine is subjected to the manipulation of a real nest of malicious code that exploits the system for the most diverse activities current malware is designed for: the machine becomes an active part of a botnet or of a Fast-Flux structure, and is used as a "bridge" to carry out targeted and distributed attacks against other targets.

In the case used here as an example, the following malicious code was downloaded from the list pre-established on the server. The linked ThreatExpert reports give detailed information about the analysis of each sample.

http://m.wuc8 .com/dd/1. exe - detection 28/39 (71.79%)
http://m.wuc8 .com/dd/2. exe - detection 25/39 (64.11%)
http://m.wuc8 .com/dd/6. exe - detection 24/39 (61.54%)
http://m.wuc8 .com/dd/9. exe - detection 31/38 (81.58%)

Typically, these servers belong to farms, or cells of varying size, in which each hosting site is a mirror of the others and therefore serves the same quantity and variety of malware.

b.wuc7. com
d.wuc7. com
x.wuc7. com
m.d5x8. com
m.wuc8. com
w.c66f. cn
w.c66k. cn

In other cases, however, the amount of malware referenced in the text file is usually larger, as is the variety among the samples.
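The two observable traits described above (a small plain-text "update list" fetched first, followed by a burst of executable downloads, and a set of mirror hosts serving the same payload paths) can be turned into a simple proxy-log heuristic. The following is an added example written for this page, not code from the original post or from MalwareIntelligence; the log lines and host names (`.test` domains) are constructed placeholders that only imitate the `dd/N.exe` layout shown in the post, and the two-minute window and three-executable threshold are assumed tuning values.

```python
"""Proxy-log heuristic for the Drive-by Update pattern (added example).

Heuristic 1: a client fetches a text/plain resource and, within a short
window, pulls several executables -> likely update-list driven download.
Heuristic 2: hosts that serve executables from the same directory path
are grouped as probable mirrors of one farm.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp client method url content-type size
SAMPLE_LOG = """\
2009-02-02T10:00:01 10.0.0.5 GET http://m.example-a.test/dd/list.txt text/plain 212
2009-02-02T10:00:03 10.0.0.5 GET http://m.example-a.test/dd/1.exe application/octet-stream 45056
2009-02-02T10:00:04 10.0.0.5 GET http://m.example-a.test/dd/2.exe application/octet-stream 38912
2009-02-02T10:00:06 10.0.0.5 GET http://w.example-b.test/dd/6.exe application/octet-stream 51200
2009-02-02T10:00:07 10.0.0.5 GET http://w.example-b.test/dd/9.exe application/octet-stream 40960
2009-02-02T10:05:00 10.0.0.7 GET http://cdn.example-c.test/robots.txt text/plain 80
2009-02-02T10:30:00 10.0.0.7 GET http://dl.example-d.test/setup.exe application/octet-stream 900000
"""

WINDOW = timedelta(minutes=2)   # assumed: how soon the payloads must follow the list
MIN_EXES = 3                    # assumed: how many executables make it suspicious


def parse_log(text):
    """Parse the constructed six-column format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, ctype, size = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "client": client,
            "url": url,
            "host": url.split("/")[2],
            "ctype": ctype,
            "size": int(size),
        })
    return events


def is_executable(event):
    """Treat .exe paths or octet-stream bodies as executable payloads."""
    return event["url"].lower().endswith(".exe") or \
        event["ctype"] == "application/octet-stream"


def find_driveby_update(events, window=WINDOW, min_exes=MIN_EXES):
    """Return (client, list_url, [payload urls]) for each suspicious burst."""
    by_client = defaultdict(list)
    for e in events:
        by_client[e["client"]].append(e)

    alerts = []
    for client, evs in by_client.items():
        evs.sort(key=lambda e: e["ts"])
        for i, e in enumerate(evs):
            if e["ctype"] != "text/plain":
                continue
            # Executables fetched by the same client shortly after the text file
            payloads = [f["url"] for f in evs[i + 1:]
                        if f["ts"] - e["ts"] <= window and is_executable(f)]
            if len(payloads) >= min_exes:
                alerts.append((client, e["url"], payloads))
    return alerts


def mirror_clusters(events):
    """Group hosts that serve executables from identical directory paths."""
    dirs_by_host = defaultdict(set)
    for e in events:
        if is_executable(e):
            path = "/" + "/".join(e["url"].split("/")[3:])
            dirs_by_host[e["host"]].add(path.rsplit("/", 1)[0])

    hosts_by_layout = defaultdict(list)
    for host, dirs in dirs_by_host.items():
        hosts_by_layout[frozenset(dirs)].append(host)
    # Only a layout shared by more than one host suggests a mirror farm
    return {tuple(sorted(hosts)) for hosts in hosts_by_layout.values()
            if len(hosts) > 1}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for client, list_url, payloads in find_driveby_update(evs):
        print(f"{client}: list {list_url} followed by {len(payloads)} executables")
    for cluster in mirror_clusters(evs):
        print("probable mirrors:", ", ".join(cluster))
```

On the sample above, client 10.0.0.5 triggers the first heuristic (one text file, four executables within seconds), while 10.0.0.7 does not (a robots.txt fetch and a single installer 25 minutes later), and the two hosts serving `/dd/*.exe` are grouped as probable mirrors. In practice the content-type check should also cover text/plain responses that are unusually small, and the mirror grouping is a lead for further enrichment, not proof on its own.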

Malware is increasingly dangerous, growing in volume and evolving in complexity. Techniques such as this one are the real proof of it: they give us a clear idea of malware's capabilities and of how important it is, for the health of our security, to properly apply best practices that mitigate its harmful actions.

Related information
Understanding Fast-Flux networks
Malware attack via Drive-by-Download

Jorge Mieres
