The RIG Exploit Kit has been causing trouble again, this time delivering a backdoor trojan called Grobios, which takes great pains to avoid detection and evade virtual and sandbox environments.
In a May 14 blog post, researchers from FireEye report that the trojan dates back to at least Mar 10, at which time victims were being directed to the RIG landing page after visiting the domain latorre[.]com[.]au. The domain had been compromised with an injected malicious iframe that loads a malvertisement domain, which in turn leads to RIG.
Researchers and blog post co-authors Irshad Muhammad, Shahzad Ahmed, Hassan Faizan, and Zain Gardezi report that the developers clearly tried to impede any attempt to dissect the malware, as it was well-protected with multiple anti-debugging, anti-analysis, and anti-VM techniques.