Limbo 2 Trojan comes complete with guarantee of invisibility
It might come as a surprise to some that there is an underground economy online which revolves around the sale of malware. However, with botnets for hire by the hour and rootkits to purchase outright, such off-the-shelf security nightmares have been the norm for a number of years now. What is unusual about the Limbo 2 Trojan is that it costs so much, topping out at some $1300 for the user license. Yes, without any hint of irony, the authors of these malware applications do seek to protect their intellectual property with end-user licensing schemes. The fact that for the most part they have stolen the code from someone else and simply adapted it slightly to create a new version is neither here nor there.
But the reason for the high value of Limbo 2 is simple: it comes with a guarantee of being able to evade the top ten anti-virus solutions. Not just evade them now, but do so continuously thanks to a morphing shell which provides in effect a cloaking device to hide the Trojan from the prying eyes of AVG, McAfee, Symantec and their ilk. So the shell changes, but unfortunately the payload remains constant: stealing financial data.
PrevX, the security company which uncovered Limbo 2, has analysed the code and confirmed that the Trojan can produce an effectively unlimited number of variants to avoid detection by signature-based AV solutions. So while the AV researchers will, soon enough, produce a signature to detect Limbo 2, the chances are high that it will morph into an unrecognised variant within hours.
Jacques Erasmus, the Director of Malware Research with PrevX, told SCMagazine that Limbo 2 is "by far the most sought-after trojan in the underground" and added that it is able to "inject a code into a live banking site - if you log into a bank, it is able to hijack your connection and adds an extra field into the page."
Although it does sound like good cause for some doom and gloom predictions, the truth is that now that Limbo 2 code has found its way into the hands of one security firm it will be dissected and distributed amongst numerous other security research labs. New Trojans capable of morphing to avoid detection hit the market more frequently than you might imagine, and security researchers find the key characteristics that can produce a generic signature quicker than you might think as well. Even if simple signature detection is not possible, heuristic techniques and other behaviour-based detection technologies will almost certainly kick in.