Characteristics of data-stealing malware

- Does not leave traces of the event
  - The malware is typically stored in a cache which is routinely flushed
  - The malware may be installed via a drive-by-download process
  - The website hosting the malware, as well as the malware itself, is generally temporary or rogue
- Frequently changes and extends its functions
  - It is difficult for antivirus software to detect final payload attributes due to the combinations of malware components
  - The malware uses multiple file encryption levels
- Thwarts Intrusion Detection Systems (IDS) after successful installation
  - There are no perceivable network anomalies
  - The malware hides in web traffic
  - The malware is stealthier in terms of traffic and resource use
- Thwarts disk encryption
  - Data is stolen during decryption and display
  - The malware can record keystrokes, passwords, and screenshots
- Thwarts Data Loss Prevention (DLP)
  - Leakage protection hinges on metadata tagging, and not everything is tagged
  - Miscreants can use encryption to port data
Examples of data-stealing malware

- Bancos, an info stealer that waits for the user to access banking websites, then spoofs pages of the bank website to steal sensitive information
- Gator, spyware that covertly monitors web-surfing habits, uploads data to a server for analysis, then serves targeted pop-up ads
- LegMir, spyware that steals personal information such as account names and passwords related to online games
- Qhost, a Trojan that modifies the Hosts file to point to a different DNS server when banking sites are accessed, then opens a spoofed login page to steal login credentials for those financial institutions
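The Qhost entry above describes hosts-file tampering that redirects banking hostnames. A defender can detect that class of change by checking whether any hosts entry maps a name to a non-local address. The following is an added example written for this page, not code from any of the malware families listed or from a named product; the hosts content is constructed, and the hostnames and the 192.0.2.10 address are placeholders.

```python
import ipaddress

# Constructed sample hosts file (not from the page): the first entries are
# normal loopback mappings; the last two mimic a Qhost-style redirection of
# banking hostnames to an attacker-controlled address (192.0.2.0/24 is a
# documentation range, used here as a placeholder).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1\tlocalhost
::1\tlocalhost ip6-localhost
192.0.2.10\twww.examplebank.example
192.0.2.10\tonline.examplebank.example  # added by unknown process
"""

def _is_local(addr):
    """True for loopback, unspecified and link-local addresses, the only
    targets a hosts file normally points names at."""
    return addr.is_loopback or addr.is_unspecified or addr.is_link_local

def parse_hosts(text):
    """Yield (ip_address, [hostnames]) for each entry line; comment and
    malformed lines are skipped rather than raising."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # not an address: ignore line
        yield addr, fields[1:]

def find_redirections(text, watch_suffixes=()):
    """Return [(hostname, ip)] for every name mapped to a non-local address.
    If watch_suffixes is given, only names ending in one of them are reported."""
    hits = []
    for addr, names in parse_hosts(text):
        if _is_local(addr):
            continue
        for name in names:
            if not watch_suffixes or name.endswith(tuple(watch_suffixes)):
                hits.append((name, str(addr)))
    return hits

if __name__ == "__main__":
    for name, ip in find_redirections(SAMPLE_HOSTS):
        print(f"suspicious hosts entry: {name} -> {ip}")
```

On a live system, feed the function the contents of /etc/hosts or %SystemRoot%\System32\drivers\etc\hosts and compare the result against a known-good baseline.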