Malware scrambles to evade defenses


A Trojan horse program designed to compromise systems uses the Microsoft Windows' Encrypted File System to scramble its payload and evade detection, warned a researcher at security firm McAfee this week.

The attack tool consists of two main components, a dialer known as Qdial-45 and an encrypted downloader known as Spy-Agent.bf. The dialer disconnects the current modem connection and then dials a premium service for displaying adult content. The downloader uses the Encrypted File System (EFS) to obfuscate itself and retrieves updated content from a list of sites on the Internet. Malware scrambles to evade defenses

Linked by shanmuga Friday, 8th September 2006 1:54AM