Thursday, August 23, 2012

Crisis Trojan can get into a virtual environment

Symantec researchers have published a report with a detailed analysis of the malicious application.

About a month ago, Intego, a company specializing in computer security, reported the discovery of a new worm for Mac that creates a backdoor on the infected system. It was also reported that the virus is able to monitor the user's activity: tracking cursor movement and keystrokes, intercepting messages from various IM clients, recording from the webcam and microphone, and sending out data from the clipboard, calendar, address book, etc.

The malicious application, called Crisis or Morcut, was first discovered by researchers from VirusTotal as a JAR file. Analysis showed that it contains a file called WebEnhancer, as well as two executable files, for Windows and OS X.

Taking the analysis further, researchers from Symantec found that the Windows version uses three methods to spread itself: through removable storage devices, VMware virtual machines, and Windows Mobile devices.

Unlike most other malware, which deletes itself to avoid analysis when it finds VMware virtualization software on the infected computer, Crisis mounts the virtual machine image and copies itself onto it using VMware Player.

View the Symantec report here

