NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0497 Kraken Malware Variant:
Security researchers have identified a significant new variant of the Kraken malware. The new
variant was detected by PC Tools' ThreatFire system, which reportedly looks for behavior characteristic
of malware rather than relying on signature-based detection. Researchers at the company claim
signature-based tools have a poor detection rate for the new variant. According to PC Tools
officials, the new Kraken variant uses a random word generator that can produce natural-looking
though meaningless words for use in headers and URLs. "The random word generator is possibly
designed to evade spam filters and algorithms that have the ability to distinguish the 'randomness'
of words by locating uncommon combinations of characters. If a rule or algorithm cannot be built
to distinguish such a word then it cannot be detected or blocked," said Sergei Shevchenko of PC
Tools. Other characteristics of the malware include the use of encryption and pseudo-random
dynamic DNS names to communicate with control centers, and the possible use of MSN Messenger as
well as email to spread itself (using self-extracting files masked as JPEG images).
Earlier this month, security vendor Damballa claimed that over 400,000 computers had fallen victim
to Kraken, and PC Tools predicted the number would rise to over 600,000 by mid-April.
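
The filtering approach Shevchenko describes, flagging words by uncommon combinations of characters, can be sketched as follows. This is an added example, not code from PC Tools or from the advisory; the heuristic (consonant runs and vowel ratio), its thresholds, the function names and the sample hostnames are all assumptions constructed for illustration.

```python
import re

# Constructed sample hostnames (not indicators from the advisory).
SAMPLES = [
    "xkqzvbtw.example.net",    # keyboard-mash style label
    "qzx7rkplm.example.net",   # random letters and a digit
    "bavolitren.example.net",  # pronounceable but meaningless
    "mail.example.net",        # ordinary label
    "strengths.example.net",   # real English word with dense consonants
]

VOWELS = set("aeiouy")
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]+")


def longest_consonant_run(label: str) -> int:
    """Length of the longest run of consecutive consonants in the label."""
    return max((len(m) for m in CONSONANT_RUN.findall(label.lower())), default=0)


def vowel_ratio(label: str) -> float:
    """Fraction of the label's letters that are vowels (0.0 if no letters)."""
    letters = [c for c in label.lower() if c.isalpha()]
    return sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0


def looks_random(label: str, max_run: int = 3, min_vowels: float = 0.25) -> bool:
    """Flag labels whose character mix is unusual for natural-language words.

    Thresholds are illustrative assumptions, not tuned values.
    """
    return longest_consonant_run(label) > max_run or vowel_ratio(label) < min_vowels


def triage(hostnames):
    """Map each hostname to the verdict for its left-most DNS label."""
    return {h: looks_random(h.split(".")[0]) for h in hostnames}


if __name__ == "__main__":
    for host, flagged in triage(SAMPLES).items():
        print(f"{'FLAG' if flagged else 'pass'}  {host}")
```

The pronounceable constructed label passes while the real word "strengths" is flagged, so a character-level check like this misses natural-looking labels and can also false-positive on legitimate ones.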