Ars Technica used in malware campaign with never-before-seen obfuscation
<blockquote data-quote="Andy Ful" data-source="post: 1073758" data-attributes="member: 32260"><p>I think that the Mandiant researchers tried to show a novel way of abusing legal websites that can be pretty hard to detect. So, the payloads <strong><span style="color: rgb(184, 49, 47)">can survive undetected on the web and can be accessed by malware</span></strong>. Users cannot be infected by visiting the abused websites, but those legal websites can be a part of a successful attack.</p><p>In this way, the malicious code is not stored in the initial malware and the initial malware <span style="color: rgb(184, 49, 47)"><strong>does not contain malicious URLs</strong></span>. The code is updated (after execution) from a legal website. Such malware has a great chance of bypassing AV detection.</p></blockquote><p></p>