light bulb

Did You Know?



Reply
Highlighted
Posts: 5,269
Topics: 2,695
Kudos: 5,725
Blog Posts: 0
Registered: ‎06-02-2014

Enhanced KIVARS Malware Now Attacks 64-bit Systems

By Eduard Kovacs on July 03, 2014

 

HomeMalware

Enhanced KIVARS Malware Now Attacks 64-bit Systems

By Eduard Kovacs on July 03, 2014 Tweet

More and more pieces of malware have become capable of targeting users running 64-bit versions of operating systems.

One of them is KIVARS, a piece of malware whose 64-bit version was recently analyzed by researchers from Trend Micro. According to the security firm, the Trojan is distributed with the aid of TROJ_FAKEWORD.A, a dropper that's designed to drop two executable files and a Microsoft Word document on infected systems.

In the 32-bit version, the executable files are copied into the "windows system" folder with the names iprips.dll, which is detected by Trend Micro as TROJ_KIVARSLDR, and winbs2.dll, detected as BKDR_KIVARS. The latest versions of KIVARS, which can target both 32-bit and 64-bit systems, drop these components in the same folder, but under a random name, with the backdoor file having either a .tib or a .dat extension.

The dropper uses the right-to-left override (RLO) technique and a genuine Microsoft Word icon to make it look like the document file, which is password protected and acts as a decoy, is genuine, Trend said. These techniques have also been used in a campaign targeted at government agencies in Taiwan, which Trend Micro recently analyzed

 

Malware-Threats.jpg

 

SecurityWeek/ Full Read Hehttp://www.securityweek.com/enhanced-kivars-malware-now-attacks-64-bit-systemsre/

Community Leader

Posts: 6,094
Topics: 683
Kudos: 6,694
Registered: ‎12-16-2013

Re: Enhanced KIVARS Malware Now Attacks 64-bit Systems

Good to see malware writers staying up with the latest technology Smiley Happy

Posts: 8,242
Topics: 237
Kudos: 10,036
Ideas: 9
Registered: ‎02-03-2012

Re: Enhanced KIVARS Malware Now Attacks 64-bit Systems

Actually, they are a bit behind the times as 64bit has been out for quite a while...LOL

       Untitled-1.png


Webroot SecureAnywhere Complete Beta Tester v9.0.7.47...+ VoodooShield v3.08 Beta...working together as the NEW perfect combination! And backed up by Macrium Reflect v6

Posts: 10,407
Topics: 748
Kudos: 10,425
Registered: ‎02-03-2012

Re: Enhanced KIVARS Malware Now Attacks 64-bit Systems


Baldrick wrote:

Actually, they are a bit behind the times as 64bit has been out for quite a while...LOL


Yea how about 128bit malware? They should be ahead not catching up! LOL

 

Daniel Smiley Very Happy

coollogo_com-133794099.gif


asapvip.pngSigGVIP.pngEPA.png


Webroot® SecureAnywhere™ Internet Security Complete BetaTester v9.0.7.47 on my main system Alienware 17R2, Windows 10 Enterprise x64 Version 1511 (Build 10586.104) & HTC One M8 Android 6.0 Marshmallow with WSA Mobile Complete v3.7.0.7208


MVP.gif.pngMicrosoft® MVP Consumer Security


Twitter1.png  Untitled-1.png  WBA.png  

Posts: 6,094
Topics: 683
Kudos: 6,694
Registered: ‎12-16-2013

Re: Enhanced KIVARS Malware Now Attacks 64-bit Systems

My malware goes to 11 bits!

Posts: 10,407
Topics: 748
Kudos: 10,425
Registered: ‎02-03-2012

Re: Enhanced KIVARS Malware Now Attacks 64-bit Systems

pac1man.gif  Bits eater also cookies. LOL

 

Daniel Smiley Very Happy

coollogo_com-133794099.gif


asapvip.pngSigGVIP.pngEPA.png


Webroot® SecureAnywhere™ Internet Security Complete BetaTester v9.0.7.47 on my main system Alienware 17R2, Windows 10 Enterprise x64 Version 1511 (Build 10586.104) & HTC One M8 Android 6.0 Marshmallow with WSA Mobile Complete v3.7.0.7208


MVP.gif.pngMicrosoft® MVP Consumer Security


Twitter1.png  Untitled-1.png  WBA.png