An interesting tactic for hiding a Trojan has recently been spotted by Symantec researchers.
Instead of using entirely their own malicious code, the malware authors have decided to take advantage of the code belonging to the KingSoft WebShield browser protection software (part of the KingSoft Internet Security solution).
"The interesting part of this package is in its configuration, which allows an opportunity for malicious intent," explains researcher Éamonn Young. "Kingsoft WebShield has the ability to lock the home page to a specific domain as well as to redirect URLs based entirely on plain text configuration files. This means that a person with malicious intent can repackage it using malicious configuration files and use this as a home-made Trojan package."
More details - link
Instead of using entirely their own malicious code, the malware authors have decided to take advantage of the code belonging to the KingSoft WebShield browser protection software (part of the KingSoft Internet Security solution).
"The interesting part of this package is in its configuration, which allows an opportunity for malicious intent," explains researcher Éamonn Young. "Kingsoft WebShield has the ability to lock the home page to a specific domain as well as to redirect URLs based entirely on plain text configuration files. This means that a person with malicious intent can repackage it using malicious configuration files and use this as a home-made Trojan package."
More details - link
