6th Jul 2014, 01:50 PM #1
Kivars Malware Adapted for 64-bit Systems
With increasing adoption of 64-bit systems, malware authors started to adapt their code to target these platforms. New variants of Kivars, an older piece of malicious software written for 32-bit, have been discovered to show a preference for the 64-bit machines, too.
Security researchers at TrendMicro have analyzed fresh samples of the malware and found that they had slight differences compared to the regular 32-bit releases.
The functionality remains the same, Kivars being able to download and upload data, execute and manipulate files, uninstall the malware service, grab pictures, enable or disable the built-in logging component, as well as trigger mouse and keyboard input.
After the dropper, identified by TrendMicro as TROJ_FAKEWORD.A, is launched, two executable files and a Microsoft document are downloaded. The document is used as a decoy.
TROJ_FAKEWORD.A relies on the RLO (Right-to-Left Override) feature in Windows and on a Word icon to mask the fact that it is in fact an executable file. The file appears to be harmless at first glance, since the extension seems to be that of a Microsoft Word document.
However, taking a look at the file type column reveals the deceit; unfortunately, very few users verify suspicious files this way.
According to Kervin Alintanahin, a threats analyst at TrendMicro, the loader and the dropped backdoor payload have random file names in the 64-bit version of the malicious software. The loader, just like in the 32-bit version, is installed as a service, named Iprip, Irmon or ias.
The latest variants of the malware rely on a modified version of the RC4 algorithm, which integrates an extra byte that is added to the XORed output if it is equal to or greater than 80h.
Communication with the command and control servers is also different, as the new Kivars delivers a key generated from a random packet that triggers a reply from the remote machine.
Then, it starts sending details about the infected computer, such as the IP address, version of the operating system, hostname, version of the malware, keyboard layout and the recent documents or desktop folder.
TrendMicro security researchers found evidence that the bad actors behind Kivars have also used Poison RAT (remote access Trojan) in their campaigns. They made the connection based on a command and control server that was contacted by both pieces of malware.
With more and more 64-bit systems becoming available, an increase of malicious attacks with software crafted for these machines is to be expected.
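The RLO masking described above can be caught by checking file names for Unicode bidirectional control characters and comparing the extension the user sees with the one the operating system acts on. The following is an added example, not part of the original post or of TrendMicro's analysis; the function names, the extension list and the sample file names are constructed for illustration, and the rendering logic is a simplified approximation of the Unicode bidi algorithm.

```python
import os

# Unicode bidirectional control characters that can reorder displayed text.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200e": "LRM", "\u200f": "RLM",
}
# Illustrative list of extensions Windows treats as directly runnable.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".cpl", ".bat", ".cmd"}


def displayed_name(name):
    """Approximate the on-screen name: text after RLO is drawn reversed
    until PDF or end of string (simplified, not the full bidi algorithm)."""
    out, run, in_rlo = [], [], False
    for ch in name:
        if ch == "\u202e":
            in_rlo = True
        elif ch == "\u202c" and in_rlo:
            out.extend(reversed(run))
            run, in_rlo = [], False
        elif ch in BIDI_CONTROLS:
            continue  # other controls are invisible; ignored in this sketch
        elif in_rlo:
            run.append(ch)
        else:
            out.append(ch)
    out.extend(reversed(run))
    return "".join(out)


def inspect_filename(name):
    """Report bidi controls and any mismatch between shown and real extension."""
    controls = [BIDI_CONTROLS[c] for c in name if c in BIDI_CONTROLS]
    real_ext = os.path.splitext(name)[1].lower()   # what the OS acts on
    shown = displayed_name(name)
    shown_ext = os.path.splitext(shown)[1].lower()  # what the user reads
    suspicious = bool(controls) and real_ext in EXECUTABLE_EXTS \
        and shown_ext != real_ext
    return {"controls": controls, "displayed": shown, "real_ext": real_ext,
            "shown_ext": shown_ext, "suspicious": suspicious}


if __name__ == "__main__":
    # Constructed sample names, not taken from any real sample.
    for sample in ["report_\u202ecod.exe", "notes.docx", "setup.exe"]:
        print(repr(sample), inspect_filename(sample))
```

The same check can be run over mail attachment names or a directory listing; any executable whose name contains RLO deserves review regardless of the icon it carries.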