Apr 30, 2013

Microsoft Discovers Self-Erasing Trojan

Trojan removes evidence of its existence after delivering a file infector and a password stealer.



Researchers at Microsoft have spotted a Trojan downloader that does something very savvy yet rare: It deletes its own components so researchers and forensics investigators can't analyze or identify it.




The so-called Win32/Nemim.gen!A Trojan is also unusual in that, unlike most Trojan downloaders that are put in place to deliver the real payload, this Trojan is also the payload, according to Jonathan San Jose, a member of Microsoft's Malware Protection Center.

But the researchers lucked out and found some pieces of the malware. "Most URLs that this trojan attempts to connect to for downloading are currently unavailable, but we got lucky and were able to find some of its components to investigate further," San Jose said in a blog post.
