
Malware Trojan Horse

using the mouse to hide itself

Symantec has reported new Trojans that embed their malicious code in mouse event handling, so that the code is executed only when a mouse event is handled. The malware can bypass automated threat detection, since no one uses the mouse while such a system is running.

According to data provided by the experts, this Trojan starts its work after a period of time during which the mouse is not used. In particular, the malicious program unpacks its malicious code after 5 minutes, then waits another 20 minutes and adds itself to the registry. The Trojan's network activity starts another 20 minutes later. This tactic allows the malware to remain undetected.

Another variant of the malware uses the Windows API function SetWindowsHookExA to embed itself into the function that is responsible for handling mouse events. In normal operation, a Windows user will sooner or later perform some action with the mouse and thereby activate the Trojan.
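A defender's view of the two behaviours described above, as an added example that is not from the original post or from Symantec: it scans a sandbox API trace for mouse hooks installed with SetWindowsHookExA and for sleep requests that outlast the analysis window. The trace format, the sample lines and the function names are constructed for illustration, and the single trace combines both variants for brevity.

```python
import re

# Hook type ids as defined in the Windows SDK header winuser.h.
MOUSE_HOOKS = {7: "WH_MOUSE", 14: "WH_MOUSE_LL"}
LINE = re.compile(r"^(\d+) (\w+)\((.*)\)$")

# Constructed trace in a hypothetical "<seconds> <api>(<key=value,...>)" format.
# Timings follow the post: 5 minutes, then 20 minutes, then 20 minutes.
SAMPLE_TRACE = """\
0 CreateProcessA(path=sample.exe)
2 SetWindowsHookExA(idHook=7)
3 Sleep(ms=300000)
303 VirtualAlloc(size=65536)
304 Sleep(ms=1200000)
1504 RegSetValueExA(value=placeholder)
1505 Sleep(ms=1200000)
2705 connect(host=placeholder.invalid)
"""

def parse_trace(text):
    """Turn trace lines into (time_s, api_name, args_dict) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a trace line
        args = dict(kv.split("=", 1) for kv in m.group(3).split(",") if "=" in kv)
        events.append((int(m.group(1)), m.group(2), args))
    return events

def analyze(events, window_s):
    """Report what a sandbox that stops after window_s seconds can conclude."""
    report = {"mouse_hooks": [], "sleep_requested_s": 0}
    for t, api, args in events:
        if t > window_s:
            continue  # the sandbox has already stopped recording
        if api in ("SetWindowsHookExA", "SetWindowsHookExW"):
            hook = MOUSE_HOOKS.get(int(args.get("idHook", -1)))
            if hook:
                report["mouse_hooks"].append((t, hook))
        elif api == "Sleep":
            report["sleep_requested_s"] += int(args.get("ms", 0)) // 1000
    # Calls after the cut-off are invisible to the sandbox; listed for comparison.
    report["missed"] = [api for t, api, _ in events if t > window_s]
    # Sleeping for the whole window is itself a signal worth flagging.
    report["stalling"] = report["sleep_requested_s"] >= window_s
    return report
```

With a 300-second window the registry write and network connection are never observed, but the mouse hook and the stalling flag still give the analyst a reason to rerun the sample with a longer window or simulated mouse input.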