Enhanced KIVARS Malware Now Attacks 64-bit Systems

  • 3 July 2014

By Eduard Kovacs on July 03, 2014
 
More and more pieces of malware have become capable of targeting users running 64-bit versions of operating systems.
One of them is KIVARS, a piece of malware whose 64-bit version was recently analyzed by researchers from Trend Micro. According to the security firm, the Trojan is distributed with the aid of TROJ_FAKEWORD.A, a dropper that's designed to drop two executable files and a Microsoft Word document on infected systems.
In the 32-bit version, the executable files are copied into the "windows system" folder with the names iprips.dll, which is detected by Trend Micro as TROJ_KIVARSLDR, and winbs2.dll, detected as BKDR_KIVARS. The latest versions of KIVARS, which can target both 32-bit and 64-bit systems, drop these components in the same folder, but under a random name, with the backdoor file having either a .tib or a .dat extension.
The dropper uses the right-to-left override (RLO) technique and a genuine Microsoft Word icon to make it look like the document file, which is password protected and acts as a decoy, is genuine, Trend said. These techniques have also been used in a campaign targeted at government agencies in Taiwan, which Trend Micro recently analyzed.
 


 
SecurityWeek / Full Read Here: http://www.securityweek.com/enhanced-kivars-malware-now-attacks-64-bit-systems

5 replies

Userlevel 7
Good to see malware writers staying up with the latest technology 🙂
Userlevel 7
Actually, they are a bit behind the times as 64bit has been out for quite a while...LOL
Userlevel 7
@ wrote:
Actually, they are a bit behind the times as 64bit has been out for quite a while...LOL
Yea how about 128bit malware? They should be ahead not catching up! LOL
 
Daniel 😃
Userlevel 7
My malware goes to 11 bits!
Userlevel 7
  Bits eater also cookies. LOL
 
Daniel 😃
