Malware using the mouse to hide itself

Posted: October 30, 2012 in IT Security News, Vulnerability News

Symantec has announced new Trojans that embed their malicious code so that it is executed during mouse event handling. The malware can bypass automated threat detection, because no one uses the mouse while such systems do their work.

According to data provided by the experts, this Trojan starts its work after a period of time in which the mouse is not used. In particular, the malicious program unpacks its malicious code after 5 minutes, then waits another 20 minutes and adds itself to the registry. The Trojan's network activity starts another 20 minutes later. This tactic allows the malware to remain undetected.

Another variant of the malware uses the Windows API function SetWindowsHookExA to hook itself into the function responsible for handling mouse events. In normal operation, a Windows user will sooner or later perform some action with the mouse and thereby activate the Trojan.

But because an automated threat analysis system doesn't use a mouse, the code remains dormant, so the system may not detect it as malware.
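A triage check that a sandbox operator could run over a finished run's API-call log to spot both tactics described above, so the sample can be re-queued with simulated mouse input or a longer window. This is an added example, not code from Symantec's report or the original post; the log line format, the 300-second analysis window and the function names are assumptions.

```python
import re

# Hook ids from the Windows SDK (winuser.h).
MOUSE_HOOKS = {7: "WH_MOUSE", 14: "WH_MOUSE_LL"}
# Assumed sandbox run length in seconds; set to your own analysis window.
ANALYSIS_WINDOW_S = 300

LINE = re.compile(r"^(?P<api>\w+)\((?P<args>[^)]*)\)$")

def parse(line):
    """Parse one 'Api(key=value, ...)' line of the hypothetical trace format."""
    m = LINE.match(line.strip())
    if not m:
        return None
    args = {}
    for part in filter(None, (p.strip() for p in m["args"].split(","))):
        key, _, value = part.partition("=")
        args[key.strip()] = value.strip()
    return m["api"], args

def triage(trace_lines, mouse_simulated=False):
    """Return reasons why a sandbox run may have missed dormant behaviour."""
    reasons, slept_ms, hooks = [], 0, set()
    for line in trace_lines:
        parsed = parse(line)
        if parsed is None:
            continue  # ignore lines that are not API records
        api, args = parsed
        if api in ("SetWindowsHookExA", "SetWindowsHookExW"):
            hook_id = int(args.get("idHook", "-1"), 0)
            if hook_id in MOUSE_HOOKS:
                hooks.add(MOUSE_HOOKS[hook_id])
        elif api in ("Sleep", "SleepEx"):
            slept_ms += int(args.get("dwMilliseconds", "0"), 0)
    if hooks and not mouse_simulated:
        reasons.append("mouse hook (%s) installed but no mouse input was simulated"
                       % ", ".join(sorted(hooks)))
    if slept_ms / 1000 >= ANALYSIS_WINDOW_S:
        reasons.append("requested sleep of %d s meets or exceeds the %d s analysis window"
                       % (slept_ms // 1000, ANALYSIS_WINDOW_S))
    return reasons

# Constructed sample traces (not taken from any real sample).
HOOK_TRACE = ["LoadLibraryA(lpFileName=user32.dll)",
              "SetWindowsHookExA(idHook=14, dwThreadId=0)"]
DELAY_TRACE = ["Sleep(dwMilliseconds=300000)",     # 5 minutes
               "Sleep(dwMilliseconds=1200000)"]    # 20 minutes
```

An empty result means neither heuristic fired; it does not mean the sample is clean.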

Recall that in 2011, Symantec experts found 400 samples of malicious software that can bypass automated malware analysis.

Symantec’s report is available here
