A new report by Damballa, detailed on its blog, reveals the insidious techniques that cyber-criminals use to evade malware prevention controls. According to the research, independent malware families such as Asprox, Zemot, and Rerdom serve as “partners in crime,” joining forces to increase the effectiveness and monetisation of their attacks.
To initiate a domino effect of infections, cyber-criminals use a multi-stage downloader or dropper: an attack chain that unfolds in four phases, including getting around preventative controls, communicating with C&C servers, and downloading encrypted binaries. This strategy renders nearly all prevention tools, including sandboxing, useless. Thus, according to commentary on the Damballa blog, this “tangled web is nearly impossible to see unless you are properly instrumented for advanced detection.”