Recently, a sample of the BlackEnergy Trojan was uploaded to Google's VirusTotal service, which offers free scanning of files with multiple antivirus engines.
It is a variant of a previously known threat which, according to F-Secure, has moved away from rootkit behaviour: it no longer hides its files or registry entries. Analysis of the sample, however, shows that it still contains dormant routines for hiding processes.
These routines rely on direct kernel object manipulation (DKOM), a technique used by various rootkits to hide malicious processes, drivers or files by editing kernel data structures in memory.
Because the layout of those structures differs between Windows releases, the malware "keeps a hard-coded list of offsets into kernel structures" so that it can operate on multiple versions of Windows.
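To make the process-hiding technique and its detection concrete, the following added example (not code from the article or from F-Secure's analysis) simulates the kernel's circular doubly linked list of processes with plain Python objects and constructed sample data. It shows why walking the list misses an unlinked entry, and how a cross-view comparison, which is what anti-rootkit tools do by enumerating processes through a second, independent path, reveals the discrepancy. The process names, PIDs and the `id_scan` input are all constructed for illustration.

```python
"""Cross-view detection of DKOM-style process hiding (added illustration).

The kernel keeps every process in a circular doubly linked list; a DKOM
rootkit splices its own entry out of that list while leaving the object
itself alive, so list-walking tools no longer see it.  A second view that
does not depend on the list (for example a direct lookup by PID) still
finds the object, and the difference between the two views is the tell.
This is a simulation: no real kernel structures are touched.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Process:
    """Minimal stand-in for a kernel process object with its list links."""
    pid: int
    name: str
    flink: Optional["Process"] = None  # forward link (next entry)
    blink: Optional["Process"] = None  # backward link (previous entry)


def build_list(entries: List[Tuple[int, str]]) -> List[Process]:
    """Build a circular doubly linked list from (pid, name) pairs."""
    procs = [Process(pid, name) for pid, name in entries]
    for a, b in zip(procs, procs[1:]):
        a.flink, b.blink = b, a
    procs[-1].flink, procs[0].blink = procs[0], procs[-1]  # close the ring
    return procs


def walk_list(head: Process) -> List[int]:
    """View 1: follow flink from the head until we are back at the head.

    This is what a conventional process enumeration effectively does.
    """
    seen, node = [], head
    while True:
        seen.append(node.pid)
        node = node.flink
        if node is head:
            break
    return seen


def dkom_unlink(node: Process) -> None:
    """Splice `node` out of the ring without freeing it.

    The neighbours now point past it, but the node's own links are left
    intact so the object still looks well-formed if inspected directly.
    """
    node.blink.flink = node.flink
    node.flink.blink = node.blink


def cross_view_diff(head: Process, id_scan: List[int]) -> List[int]:
    """View 2 versus view 1: report PIDs found by an independent scan
    (`id_scan`, e.g. a direct per-PID lookup) but missing from the list walk.
    """
    return sorted(set(id_scan) - set(walk_list(head)))


def demo() -> List[int]:
    """Run the simulation on constructed data and return the hidden PIDs."""
    procs = build_list([(4, "System"), (600, "csrss.exe"),
                        (1337, "hidden.exe"), (2048, "explorer.exe")])
    head = procs[0]
    # Independent view, captured before anything is hidden (constructed).
    id_scan = [p.pid for p in procs]
    dkom_unlink(procs[2])           # rootkit hides PID 1337
    return cross_view_diff(head, id_scan)


if __name__ == "__main__":
    print("PIDs missing from the process list:", demo())
```

The same idea scales to the other objects the article mentions: drivers and files can likewise be compared across an in-memory list walk and an independent enumeration, and any entry present in one view but not the other deserves investigation. Version-specific offsets matter to the defender as well, since a memory-forensics tool must know the same structure layouts the malware hard-codes in order to walk them.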
According to the F-Secure report, the Trojan has been adapted to support the latest versions of the Windows operating system, 8 and 8.1.
Created by Russian hackers, the BlackEnergy malware was used in the cyber attacks against Georgia in 2008.
There is no information on whether this variant is currently being distributed, but since it has been uploaded to VirusTotal, there is a good chance that antivirus vendors have already prepared updates for detecting and removing it.
In addition, the sample is not digitally signed, which makes infecting a system harder because of the signature verification that modern versions of Windows enforce. If that verification is disabled, however, attackers can compromise the computer with BlackEnergy.