Polymorphic Malware


AAEH is a family of polymorphic downloaders created with the primary purpose of downloading other malware, including password stealers, rootkits, fake antivirus, and ransomware.

AAEH is often propagated across networks, removable drives (USB/CD/DVD), and through ZIP and RAR archive files. Also known as VObfus, VBObfus, Beebone or Changeup, this polymorphic malware can change its form with every infection, and more than 2 million unique samples exist. Once installed, it morphs every few hours and rapidly spreads across the network. AAEH has been used to download other malware families, such as Zeus, Cryptolocker, ZeroAccess, and Cutwail.

A system infected with AAEH may be employed to distribute malicious software, harvest users’ credentials for online services, including banking services, and extort money from users by encrypting key files and then demanding payment in order to return the files to a readable state. AAEH is capable of defeating anti-virus products by blocking connections to IP addresses associated with Internet security companies and by preventing anti-virus tools from running on infected machines.

Users Are Recommended To Take The Following Actions:

♦ Use And Maintain Anti-Virus Software – Anti-virus software can identify and block many viruses before they can infect your computer. Once you install anti-virus software, it is important to keep it up to date.

Although details may vary between packages, anti-virus software scans files or your computer’s memory for certain patterns that may indicate the presence of malicious software (malware). Anti-virus software, broadly referred to as anti-malware software, looks for patterns based on the signatures or definitions of known malware, so it is important that you have the latest updates installed on your computer.

You will still be susceptible to malware that circulates before the anti-virus vendors add their signatures, so continue to take other safety precautions as well, such as using a firewall: a software firewall or, even better, an external firewall.
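The signature matching described above, as an added example (not from the original post or from any anti-virus product): a minimal scanner run over constructed, harmless byte strings shows why an exact-hash signature misses a changed form, why a byte-pattern signature still catches a variant that keeps a shared sequence, and why a brand-new form goes undetected until the definitions are updated. `SignatureDB`, the detection names and the sample bytes are all hypothetical.

```python
import hashlib

# Constructed, harmless byte strings standing in for files (not real malware).
STUB = b"\x10EXAMPLE-STUB\x10"                  # bytes shared by two variants
SAMPLES = {
    "known":    b"pad-1111" + STUB + b"body-aaaa",        # already analysed by the vendor
    "variant":  b"pad-2222-longer" + STUB + b"body-bbbb",  # same stub, different bytes around it
    "new_form": b"layout-with-nothing-in-common",          # no signature exists yet
    "clean":    b"ordinary document text",
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class SignatureDB:
    """Hypothetical, minimal signature store: exact hashes plus byte patterns."""
    def __init__(self):
        self.hashes = {}     # SHA-256 hex digest -> detection name
        self.patterns = {}   # byte sequence -> detection name

    def add_hash(self, sample: bytes, name: str) -> None:
        self.hashes[sha256_hex(sample)] = name

    def add_pattern(self, pattern: bytes, name: str) -> None:
        self.patterns[pattern] = name

    def scan(self, data: bytes):
        """Return the first matching detection name, or None if nothing matches."""
        hit = self.hashes.get(sha256_hex(data))
        if hit:
            return hit
        for pattern, name in self.patterns.items():
            if pattern in data:
                return name
        return None

def scan_all(db: SignatureDB) -> dict:
    return {label: db.scan(data) for label, data in SAMPLES.items()}

def run_demo() -> list:
    db = SignatureDB()
    db.add_hash(SAMPLES["known"], "Example.Hash")
    stage1 = scan_all(db)                       # hash-only definitions
    db.add_pattern(STUB, "Example.Pattern")
    stage2 = scan_all(db)                       # pattern added for the shared stub
    db.add_hash(SAMPLES["new_form"], "Example.Hash2")
    stage3 = scan_all(db)                       # after a definitions update
    return [stage1, stage2, stage3]

if __name__ == "__main__":
    for n, stage in enumerate(run_demo(), 1):
        print(n, stage)
```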

♦ Change Your Passwords – Your original passwords may have been compromised during an infection, so you should change them.

Passwords are a common form of authentication and are often the only barrier between you and your personal information. There are several programs attackers can use to help guess or “crack” passwords. But if you choose good passwords and keep them confidential, you can make it more difficult for an unauthorized person to access your information.

Think about the number of personal identification numbers (PINs), passwords, or passphrases you use every day: getting money from the ATM or using your debit card in a store, logging on to your computer or email, or signing in to an online bank account. The list of things that you can do online gets longer every day.

Keeping track of all of the number, letter, and word combinations may be frustrating at times, and maybe you’ve wondered if all of the fuss is worth it. After all, what attacker cares about your personal email account, right? Or why would someone bother with your bank account when there are others with much more money?

Often, an attack is not specifically about your account but about using the access to your information to launch a larger attack. And while having someone gain access to your personal email might not seem like more than an inconvenience or embarrassment, think of the implications of an attacker gaining access to your Social Security number or your medical records.

One of the best ways to protect information or physical property is to ensure that only authorized people have access to it. Verifying that those requesting access are the people they claim to be is the next step. This authentication process is more important and more difficult in the cyber world.

Passwords are the most common means of authentication, but if you don’t choose good passwords and keep them confidential, they’re almost as ineffective as not having any passwords at all. Many systems and services have been successfully breached because of insecure and inadequate passwords, and some viruses and worms have exploited systems when attackers were able to guess weak passwords.

Most people use passwords that are based on personal information and are easy to remember. However, that also makes it easier for a cracker, hacker or attacker to crack them. Think about how easy it is to find someone’s birthday or similar information. Longer passwords are more secure than shorter ones because there are more characters to guess, so consider using “passphrases” when you can.

Now that you’ve chosen a password that’s difficult to guess, you have to make sure not to leave it someplace for people to find. Writing it down and leaving it in your desk, next to your computer, or, worse, taped to your computer, is just making it easy for someone who has physical access to your system or device. Don’t tell anyone your passwords, and watch for attackers trying to trick you through phone calls or email messages requesting that you reveal your passwords.

Other password problems stem from web browsers’ ability to save your online sessions in memory. Depending on your web browser’s settings, anyone with access to your computer may be able to discover all of your passwords and gain access to your information. Avoid using public computers and public Wi-Fi to access sensitive accounts such as banking and email.

♦ Keep Your Operating System And Application Software Updated – When vendors become aware of vulnerabilities in their products, they often issue patches to fix the problem. Make sure to apply relevant patches to your computer as soon as possible so that your system is protected.

Sometimes, instead of just releasing a patch, vendors will release an upgraded version of their software, although they may refer to the upgrade as a patch.

Crackers, hackers or attackers may target vulnerabilities for months or even years after patches are available. Some software will automatically check for updates, and many vendors offer users the option to receive automatic notification of updates through a mailing list. If these automatic options are available, take advantage of them. If they are not available, check your vendors’ websites periodically for updates.

Make sure that you only download software or patches from websites that you trust. Do not trust a link in an email message. Crackers, hackers or attackers have used email messages to direct users to malicious websites where users install viruses disguised as patches. Also, beware of email messages that claim that they have attached the patch to the message; these attachments are often viruses.


