Smart malware takes computer safety concerns to new levels
Modern forms of malware have long used a variety of strategies that help them hide from antivirus and antimalware programs, but a malicious program known as Shylock actually makes efforts to keep researchers from studying it. Such study is, of course, essential in order to develop more efficient and thorough removal tools, which IT support experts and end users can use to help recover their systems when their computer safety has been compromised.
According to security experts at Trusteer, Shylock contains code that lets it determine when it has been launched inside a Remote Desktop Protocol (RDP) session. Researchers routinely examine malware over RDP because it lets them work on an isolated analysis machine and keep their own local systems out of harm's way. The makers of Shylock are clearly aware of this and built the check in to hinder exactly that kind of study: when Shylock detects that it is running over an RDP connection, it refuses to install itself.
“It appears to be trying to avoid being researched by simply not installing at all,” explained Amit Klein of Trusteer. “At this point, the malware researcher will leave the sample alone… Many malware samples can observe a lack of mouse movements or lack of user activity and will sleep for a few minutes in order to avoid automatic processing or analysis. Obviously, we see a trend here where a malware family is trying to avoid being analyzed or detected by humans.”
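The two evasions described above (refusing to run inside an RDP session, and sleeping when there is no user input) both key off information any Windows process can ask the operating system for. The following pre-flight check is an added example, not code from the original article or from Trusteer, that an analyst can run inside a Windows analysis VM before detonating a sample to confirm the VM does not look like an environment such a sample would refuse to run in. The Win32 calls used (user32 GetSystemMetrics with SM_REMOTESESSION, user32 GetLastInputInfo, kernel32 GetTickCount) are documented APIs; the 60-second idle threshold and the function names are assumptions chosen for illustration, and on a non-Windows host the probes return None so only the decision logic runs.

```python
"""Pre-flight check for a Windows malware analysis VM (added example).

Confirms that the VM is not in the two states the article says Shylock and
similar families react to: running inside an RDP session, or showing no
recent keyboard/mouse activity. Run it from the console session you intend
to detonate the sample in.
"""
import ctypes
import sys
from dataclasses import dataclass
from typing import List, Optional

# Documented GetSystemMetrics index: nonzero when the calling process runs
# inside a Terminal Services (RDP) session.
SM_REMOTESESSION = 0x1000


@dataclass
class EnvObservation:
    remote_session: Optional[bool]  # True if the process runs inside an RDP session
    idle_seconds: Optional[float]   # seconds since the last console keyboard/mouse input


def probe_windows() -> EnvObservation:
    """Collect both observations on Windows; return Nones on any other platform."""
    if sys.platform != "win32":
        return EnvObservation(None, None)

    user32 = ctypes.windll.user32
    kernel32 = ctypes.windll.kernel32
    remote = bool(user32.GetSystemMetrics(SM_REMOTESESSION))

    class LASTINPUTINFO(ctypes.Structure):
        _fields_ = [("cbSize", ctypes.c_uint), ("dwTime", ctypes.c_uint)]

    lii = LASTINPUTINFO()
    lii.cbSize = ctypes.sizeof(LASTINPUTINFO)
    if not user32.GetLastInputInfo(ctypes.byref(lii)):
        return EnvObservation(remote, None)  # idle time unavailable (e.g. service session)

    # Both values are 32-bit millisecond tick counts; the mask handles wraparound.
    idle_ms = (kernel32.GetTickCount() - lii.dwTime) & 0xFFFFFFFF
    return EnvObservation(remote, idle_ms / 1000.0)


def evaluate(obs: EnvObservation, max_idle_seconds: float = 60.0) -> List[str]:
    """Return the anti-analysis conditions this environment would trip.

    An empty list means neither of the two checks described in the article
    would give the sample a reason to refuse to install or to sleep.
    The threshold is an assumed value for illustration.
    """
    findings = []
    if obs.remote_session is True:
        findings.append(
            "RDP session detected: RDP-aware samples will refuse to install; "
            "use the hypervisor console instead of Remote Desktop"
        )
    if obs.idle_seconds is not None and obs.idle_seconds > max_idle_seconds:
        findings.append(
            f"no user input for {obs.idle_seconds:.0f}s: idle-aware samples may sleep; "
            "generate mouse/keyboard activity or extend the run time"
        )
    return findings


if __name__ == "__main__":
    report = evaluate(probe_windows()) or ["environment looks like an active local console"]
    for line in report:
        print(line)
```

The decision logic is kept separate from the Win32 probes so it can be exercised with hand-built observations, which is also how a sandbox pipeline would consume the same data from its own instrumentation rather than from the guest.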
The evolution of malware into ever more intelligent forms means that it is more important than ever for SMBs to protect themselves as fully as possible. This means more than making sure that antivirus and antispyware programs are installed on all company machines. Instead, a coordinated, company-wide policy is imperative. Otherwise, machines that are running behind on updates due to employee error or other factors can be the weak link that causes the entire network chain to break.
No company wants Shylock to make its way into a system; the malware excels at financial fraud, injecting itself into browser code in order to steal passwords, logins, and other credentials related to financial websites that employees may need to visit as they complete their daily workflow.
The best way for an SMB to assure itself of robust data protection is to enlist the support of a professional IT company that can help them establish and carry out a company-wide antimalware effort.
Think you may have malicious software on your network?
Allow Great Lakes Computer to take a look at your data protection practices. Your first 2 hours of repair are free.