Enhanced KIVARS Malware Now Attacks 64-bit Systems


Userlevel 7
By Eduard Kovacs on July 03, 2014
 
HomeMalware
Enhanced KIVARS Malware Now Attacks 64-bit Systems
By Eduard Kovacs on July 03, 2014 Tweet
More and more pieces of malware have become capable of targeting users running 64-bit versions of operating systems.
One of them is KIVARS, a piece of malware whose 64-bit version was recently analyzed by researchers from Trend Micro. According to the security firm, the Trojan is distributed with the aid of TROJ_FAKEWORD.A, a dropper that's designed to drop two executable files and a Microsoft Word document on infected systems.
In the 32-bit version, the executable files are copied into the "windows system" folder with the names iprips.dll, which is detected by Trend Micro as TROJ_KIVARSLDR, and winbs2.dll, detected as BKDR_KIVARS. The latest versions of KIVARS, which can target both 32-bit and 64-bit systems, drop these components in the same folder, but under a random name, with the backdoor file having either a .tib or a .dat extension.
The dropper uses the right-to-left override (RLO) technique and a genuine Microsoft Word icon to make it look like the document file, which is password protected and acts as a decoy, is genuine, Trend said. These techniques have also been used in a campaign targeted at government agencies in Taiwan, which Trend Micro recently analyzed
 


 
SecurityWeek/ Full Read Hewww.securityweek.com/enhanced-kivars-malware-now-attacks-64-bit-systemsre/" target="_blank" rel="nofollow noreferrer noopener">http://www.securityweek.com/enhanced-kivars-malware-now-attacks-64-bit-systemsre/

5 replies

Userlevel 7
Badge +56
Good to see malware writers staying up with the latest technology 🙂
Userlevel 7
Actually, they are a bit behind the times as 64bit has been out for quite a while...LOL
Userlevel 7
Badge +55

@Baldrick wrote:
Actually, they are a bit behind the times as 64bit has been out for quite a while...LOL

Yea how about 128bit malware? They should be ahead not catching up! LOL
 
Daniel 😃
Userlevel 7
Badge +56
My malware goes to 11 bits!
Userlevel 7
Badge +55

  Bits eater also cookies. LOL
 
Daniel 😃

Reply

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept or continue browsing you agree to our cookie policy. Learn more about our cookies.

    Accept cookies Cookie settings