The BlackEnergy Trojan was updated for Windows 8-8.1

Recently, a sample of the BlackEnergy Trojan was posted to Google's VirusTotal service, which offers free scanning of files with multiple antivirus engines.

This is a variant of an earlier threat which, according to F-Secure, has moved away from rootkit features, as it does not hide files or registry entries. However, analysis of the sample shows that it still contains dormant routines for hiding processes.

The process hiding is based on direct kernel object manipulation (DKOM), a method used by various rootkits to hide malicious processes, drivers or files.

This is why the "malware keeps a hard-coded list of offsets in kernel structures", so that it can run on multiple versions of Windows.

According to the F-Secure report, the Trojan has been adapted to support the latest versions of the Windows operating system, 8 and 8.1.
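A defender's view of why DKOM process hiding is detectable, as an added example that is not taken from F-Secure's report or from the sample: a process left out of the active-process list still owns threads that have to be scheduled, so comparing the two views exposes it. The structures, field names and sample data (including PID 1337) are simplified, constructed stand-ins, not real Windows kernel layouts.

```c
#include <stdio.h>

/* Simplified stand-in for a kernel process object (illustrative fields only). */
struct proc {
    struct proc *flink, *blink;   /* links in the circular active-process list */
    unsigned pid;
    const char *name;
};

/* Second, independent view: each thread record points at its owning process. */
struct thread { unsigned tid; struct proc *owner; };

/* View 1: is p reachable by walking the list from its head? */
static int in_active_list(const struct proc *head, const struct proc *p) {
    for (const struct proc *it = head->flink; it != head; it = it->flink)
        if (it == p) return 1;
    return 0;
}

/* Cross-view diff: collect PIDs that own threads but are missing from the list. */
int find_hidden(const struct proc *head, const struct thread *t, int n,
                unsigned *out, int max) {
    int found = 0;
    for (int i = 0; i < n; i++) {
        const struct proc *p = t[i].owner;
        if (in_active_list(head, p)) continue;
        int dup = 0;
        for (int j = 0; j < found; j++) if (out[j] == p->pid) dup = 1;
        if (!dup && found < max) out[found++] = p->pid;
    }
    return found;
}

/* Constructed sample: three listed processes, plus PID 1337 absent from the list. */
int scan_sample(unsigned *out, int max) {
    static struct proc head, a = {0, 0, 4, "System"}, b = {0, 0, 612, "lsass.exe"},
                       c = {0, 0, 2040, "explorer.exe"}, h = {0, 0, 1337, "hidden.exe"};
    struct proc *l[] = { &head, &a, &b, &c };
    for (int i = 0; i < 4; i++) {
        l[i]->flink = l[(i + 1) % 4];
        l[i]->blink = l[(i + 3) % 4];
    }
    struct thread t[] = { {8, &a}, {700, &b}, {2100, &c}, {1400, &h}, {1404, &h} };
    return find_hidden(&head, t, 5, out, max);
}

int main(void) {
    unsigned pids[8];
    int n = scan_sample(pids, 8);
    for (int i = 0; i < n; i++) printf("hidden pid: %u\n", pids[i]);
    return n ? 1 : 0;
}
```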

Created by a Russian hacker, the BlackEnergy malware was used in cyber attacks against Georgia in 2008.

There is no information on whether the threat is currently in circulation, but since it has been posted to VirusTotal, there is a good chance that antivirus vendors have already prepared updates with detection and disinfection routines.

Additionally, the sample is not digitally signed, which makes it more difficult to infect a system because of the signature verification mechanism in modern Windows. However, if this operating system feature is disabled, attackers can compromise the computer through BlackEnergy.


Written by giorgos
