The widespread mainly in China Bohu Trojans defeated by anti-virus solutions, surveys for estimating the risk of a file server in the cloud. The reported Microsoft's Malware Protection Center. Bohu is proceeding on different ways to evade detection.
Bohu According to the report appended to its own files, random data in order to escape a recognition on the basis of hash values. Cloud scanner to send the unique hash value of a file to the server, to determine whether there is already information for this file. The random data but lead to a new hash value, so the file is from the server is usually classified as unknown.
Bohu tries addition, the flow of data between the scanner and the cloud disturbing. installed this he on the "Windows Sockets Service Provider Interface" ( Winsock SPI ) a filter and also an NDIS driver that looks, according to Microsoft in the network stream or in HTTP requests for specific keywords and server addresses, and when you hit the upload data blocks to the server.
Bohu tried but apparently only compounds of the popular Cloud scanners to disrupt Chinese manufacturer Kingsoft, Rising and Qihoo. Bohu comes disguised as a video codec on the computer and install additional files. However, Microsoft's report and the descriptions of the pest not indicate whether the Trojans next to the blocking function of espionage or similar functions still carries.
What only a matter of time! Sorry: (
0 comments:
Post a Comment