An example of why malware testing should include real-world infection vectors.
<blockquote data-quote="Andy Ful" data-source="post: 1086636" data-attributes="member: 32260"><p><strong><span style="font-size: 18px">An example of why malware testing should include real-world infection vectors.</span></strong></p><p>[URL unfurl="true"]https://www.threatdown.com/blog/new-go-loader-pushes-rhadamanthys-stealer/[/URL]</p><p><strong>Attack flow:</strong></p><p><strong><span style="color: rgb(41, 105, 176)">Malicious Ad</span></strong> ---> attacker-controlled domain ----> the computer's IP is stored on the server + the Loader is downloaded ----> <span style="color: rgb(184, 49, 47)"><strong>the user executes the Loader -----> the Loader compares the computer's IP with the one stored on the server ----> the attack is stopped if the IPs are different</strong></span><strong> ----> ....</strong></p><p>The above fragment is crucial. Suppose the malicious sample (EXE dropper) is tested as in many video tests (<span style="color: rgb(184, 49, 47)"><strong>the red fragment in the attack flow</strong></span>). In such a case, the malware will not try to infect the system, to avoid detection in the sandbox or the analyst environment. Proper testing must start from the real-world starting point (<strong><span style="color: rgb(41, 105, 176)">Malicious Ad</span></strong>).</p></blockquote>