{"id":6294,"date":"2014-08-27T10:00:22","date_gmt":"2014-08-27T14:00:22","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=6294"},"modified":"2014-08-27T10:00:22","modified_gmt":"2014-08-27T14:00:22","slug":"research-team-creates-undetectable-malware-bound-to-legitimate-software-downloads","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/27\/research-team-creates-undetectable-malware-bound-to-legitimate-software-downloads\/","title":{"rendered":"Research team creates undetectable malware bound to legitimate software downloads"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/www.techspot.com\/news\/57810-research-team-creates-undetectable-malware-bound-to-legitimate-software-downloads.html\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/08\/2014-08-21-image-11.jpg\" alt=\"\" \/><\/a><\/p>\n<p>Most cyber attacks from your typical home hacker, come by way of techniques used 10 years ago or more like phishing scams, poor password management, and things of that nature. But now it seems as though a research team from Germany has developed on all new strain of malware.<\/p>\n<p>The team from Ruhr University in Bochum, Germany has developed a new kind of malware that is able to tuck itself secretly beside legitimate software downloads. The malware isn&#8217;t in the the trusted software, but rather bound to it, enabling it to bypass many of the security measures in place for this kind of malicious software.<\/p>\n<p>Since the original application is not modified in anyway, not only does it allow the malware to sneak through, but it can also be a much larger file than usual, allowing for a much deeper feature set. The researchers explain, &#8220;upon starting the infected application the binder is started. It parses its own file for additional embedded executable files, reconstructs and executes them, optionally invisible for the user.&#8221;<\/p>\n<p>With some simple network redirecting, anyone making use of tactics like this only needs to man a single network point between the download server and the client to complete the process. While the team has suggested VPNs and HTTPs could be altered to catch bound malware like this, it doesn&#8217;t require any buffering while downloading and can easily pass through current malware fail-safe mechanisms undetected.<\/p>\n<p>While this is a research project and you are likely in no immediate danger of bound malware at this point, lets just hope it stays that way.<\/p>\n<p>via <a href=\"http:\/\/www.techspot.com\/news\/57810-research-team-creates-undetectable-malware-bound-to-legitimate-software-downloads.html\" target=\"_blank\">Research team creates undetectable malware bound to legitimate software downloads &#8211; TechSpot<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Most cyber attacks from your typical home hacker, come by way of techniques used 10 years ago or more like [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,9],"tags":[342,655,1177],"class_list":["post-6294","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-exploits","tag-malware","tag-vulnerabilities"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1Dw","jetpack-related-posts":[{"id":6713,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/10\/28\/rogue-tor-exit-node-server-added-malware-to-legitimate-downloads\/","url_meta":{"origin":6294,"position":0},"title":"Rogue Tor &#8216;exit node&#8217; server added malware to legitimate downloads","author":"NCCT","date":"October 28, 2014","format":false,"excerpt":"The Tor Project has flagged a server in Russia after a security researcher found it slipped in malware when users were downloading files. Tor is short for The Onion Router, which is software that offers users a greater degree of privacy when browsing the Internet by routing traffic through a\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7648,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/02\/26\/chrome-security-update-warns-against-sneaky-software-downloads-as-well-as-malware\/","url_meta":{"origin":6294,"position":1},"title":"Chrome security update warns against sneaky software downloads as well as malware","author":"NCCT","date":"February 26, 2015","format":false,"excerpt":"Google is adding a new warning to Chrome in its continuing efforts to protect users from harmful actors on the web. The new red flag for Google\u2019s browser warns you when you\u2019re about to visit a site that encourages users to download harmful and unwanted software. Chrome isn\u2019t the only\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3106,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/05\/attackers-reported-seeding-cloud-services-with-malware\/","url_meta":{"origin":6294,"position":2},"title":"Attackers reported seeding cloud services with malware","author":"NCCT","date":"August 5, 2013","format":false,"excerpt":"LAS VEGAS -- Malware writers are ramping up their use of commercial file hosting sites and cloud services to distribute malware programs, security researchers said at this week's Black Hat conference here. Traditionally, malware writers had distributed their malicious code from their own sites. But as security vendors get better\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3213,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/20\/researchers-manage-to-get-malware-published-in-apples-ios-app-store\/","url_meta":{"origin":6294,"position":3},"title":"Researchers manage to get malware published in Apple&#039;s iOS App Store","author":"NCCT","date":"August 20, 2013","format":false,"excerpt":"While the posting of malware remains a rare occurrence on Apple's iOS App Store, a team of security researchers figured out a way to get a malicious piece of software past Apple's certification team. The team from Georgia Tech said that the app was approved and published by Apple in\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3197,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/19\/malware-hijacks-mobile-ad-networks-to-siphon-money\/","url_meta":{"origin":6294,"position":4},"title":"Malware hijacks mobile ad networks to siphon money","author":"NCCT","date":"August 19, 2013","format":false,"excerpt":"Asian cybercriminals have figured out an unusual way to use the architecture of a mobile ad network to siphon money from their victims. The new method represents another step in the evolution of mobile malware, which is booming with more smartphones shipping than PCs. Mobile ad networks open up the\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7608,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/02\/12\/virustotal-tackles-the-tricky-false-positives-problem-plaguing-antivirus-software\/","url_meta":{"origin":6294,"position":5},"title":"VirusTotal tackles the tricky false positives problem plaguing antivirus software","author":"NCCT","date":"February 12, 2015","format":false,"excerpt":"VirusTotal, a Google-owned online malware scanning service, is creating a whitelist of products from large software vendors to reduce bad detections by antivirus programs. False positive detections are common in the antivirus industry. They occur when a benign program is wrongfully flagged as malicious due to an overly broad detection\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/6294","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=6294"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/6294\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=6294"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=6294"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=6294"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}