Fighting hidden malware is generally a losing battle for most, as malware can turn up in unlikely places such as e-cigarettes and sandboxes. Malware authors keep looking for new and innovative methods to infect victims, which keeps malware constantly evolving. Lately, hidden malware has been appearing in the most unlikely places, creating problems in malware detection as well as web application security, for vendors and enterprises alike.
Well Known Defenses Can Be Bypassed by Customized Malware
Research by MRG Effitas Ltd. and CrySyS Lab reported on four custom malware attacks tested against five well-known advanced persistent threat (APT) defense products. One malware sample, known as BaBO, got past all five products; a second sample evaded three of them; and only the two simplest samples were detected, though in some cases the alarm that was triggered carried only low severity.
Sandboxes Are Not Able to Catch All Malware
Sandboxes are crucial in boosting an application's defense, containing malicious programs and files in an isolated environment so that they have no effect on the underlying web applications. However, a number of malware authors are changing their attack patterns in order to identify and circumvent sandboxes. Others use methods such as cloaking to avoid detection.
The vulnerability addressed as MS14-065 offered a reminder that no technology can be assumed safe. Even sandboxes cannot be trusted, which emphasizes the importance of defense-in-depth.
DeathRing – a Preinstalled Smartphone Malware
Lookout Inc. published a blog post about the 'DeathRing' malware, which was preinstalled on a number of smartphones popular in Africa and Asia. The Trojan disguises itself as a ringtone and downloads WAP and SMS content from its command-and-control server to the victim's device.
This malware causes more trouble because it comes preinstalled on devices and cannot be uninstalled, and also because its presence cannot be known when the device is purchased. DeathRing is known to activate when the device has been rebooted five times, or after it has been used 50 times.
Users are advised to be aware of the devices they purchase, to check regularly for fraudulent phone bills, and to install mobile antimalware software on all such devices.
Malware can even arrive through e-cigarettes. A Reddit post caused controversy over a malware infection through an e-cigarette charger that was plugged into a computer's USB port. It was claimed that the charger had malware hard-coded into it.
While this post is debatable, enterprises should be careful about malware-ridden devices that connect to computers and corporate networks. Many devices, from keyboards and mice to tablets and smartphones, rely on USB connections. However unlikely, infections from such devices are not impossible.
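One practical way for an enterprise to act on this is to audit which USB devices are actually attached to a host against an allowlist of approved devices, and to watch for devices that appear after a clean baseline was taken. The following is an added example written for this article, not code from the original post or from any of the vendors named in it. It assumes the line format of the Linux `lsusb` command; the sample output, the approved-device list, and the unknown device's `1a2b:3c4d` ID are all constructed for the example.

```python
"""
Added example (not part of the original post): audit attached USB devices
against an allowlist, and detect devices that have appeared since a baseline.
Input is in the line format of the Linux `lsusb` command. The sample output
below is constructed; on a real host, feed in the actual `lsusb` output.
"""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample `lsusb` output. The first three lines are devices an
# enterprise build would expect; the last line is a hypothetical charger with
# a made-up vendor:product ID that should be flagged for review.
SAMPLE_LSUSB_OUTPUT = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 046d:c31c Logitech, Inc. Keyboard K120
Bus 001 Device 003: ID 046d:c077 Logitech, Inc. M105 Optical Mouse
Bus 001 Device 004: ID 1a2b:3c4d Unknown vendor USB charger (constructed)
"""

# Constructed baseline: the same host before the charger was plugged in.
BASELINE_LSUSB_OUTPUT = "\n".join(SAMPLE_LSUSB_OUTPUT.splitlines()[:3]) + "\n"

# Allowlist of approved vendor:product IDs (assumption: collected from a clean
# reference build of the machine, not from a device someone brought in).
APPROVED_DEVICES: Dict[str, str] = {
    "1d6b:0002": "Linux Foundation 2.0 root hub",
    "046d:c31c": "Logitech K120 keyboard",
    "046d:c077": "Logitech M105 mouse",
}

# One `lsusb` line: "Bus 001 Device 002: ID 046d:c31c Logitech, Inc. Keyboard K120"
LSUSB_LINE = re.compile(
    r"^Bus (?P<bus>\d{3}) Device (?P<dev>\d{3}): "
    r"ID (?P<id>[0-9a-fA-F]{4}:[0-9a-fA-F]{4})\s*(?P<desc>.*)$"
)

Device = Tuple[str, str, str]  # (bus/device address, vendor:product id, description)


def parse_lsusb(output: str) -> List[Device]:
    """Parse `lsusb` output into (address, vendor:product id, description) tuples."""
    devices: List[Device] = []
    for line in output.splitlines():
        m = LSUSB_LINE.match(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines instead of failing the audit
        devices.append((f"{m['bus']}/{m['dev']}", m["id"].lower(), m["desc"].strip()))
    return devices


def find_unapproved(output: str, approved: Dict[str, str] = APPROVED_DEVICES) -> List[Device]:
    """Return every attached device whose vendor:product ID is not on the allowlist."""
    return [d for d in parse_lsusb(output) if d[1] not in approved]


def devices_added_since(baseline_output: str, current_output: str) -> Set[str]:
    """Return the vendor:product IDs present now that were absent from the baseline."""
    before = {d[1] for d in parse_lsusb(baseline_output)}
    now = {d[1] for d in parse_lsusb(current_output)}
    return now - before


if __name__ == "__main__":
    for address, usb_id, desc in find_unapproved(SAMPLE_LSUSB_OUTPUT):
        print(f"UNAPPROVED device at {address}: {usb_id} {desc}")
    for usb_id in sorted(devices_added_since(BASELINE_LSUSB_OUTPUT, SAMPLE_LSUSB_OUTPUT)):
        print(f"NEW since baseline: {usb_id}")
```

The vendor:product ID is self-reported by the device, so a deliberately malicious device can present the ID of an approved keyboard or hub; this check catches unexpected hardware, not a device built to impersonate approved hardware. It is a reasonable first layer, and pairing it with a host policy that restricts which USB device classes may attach (a keyboard-class interface appearing on a "charger", for instance) is the stronger defense-in-depth position.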
The reality is that malware can arrive through varied infection mechanisms, often where it seems least likely, because the internet is continuously evolving.