The BlackEnergy Trojan was updated for Windows 8 and 8.1

Recently, a sample of the BlackEnergy Trojan was posted on Google's VirusTotal service, which offers free scanning with multiple antivirus engines.

This is a variant of an earlier threat which, according to F-Secure, has moved away from the characteristics of a rootkit, since it does not hide files and registry entries. However, the sample includes dormant routines that hide processes.


The hiding is based on direct kernel object manipulation (DKOM), a method used by various rootkits to hide malicious processes, drivers or files.

This is also the reason that the "software keeps a hard-coded list of offsets into kernel structures", so that it can run on multiple versions of Windows.

According to F-Secure, the Trojan has been adapted to support the latest versions of the Windows operating system, 8 and 8.1.


Created by a Russian hacker, the BlackEnergy malware was used in cyber attacks against Georgia in 2008.

There is no information on whether the threat is currently circulating, but since it has been posted to VirusTotal, there is a good chance that security software vendors have already prepared updates to their detection and disinfection routines.

Additionally, the sample is not digitally signed, which makes it more difficult to infect a system because of the verification mechanism in modern Windows. However, if this operating system mechanism is disabled, attackers can compromise the computer through BlackEnergy.


Written by giorgos
