In our Security Predictions for this year, Trend Micro CTO Raimund Genes predicted that conventional malware will only evolve gradually. Instead of distributing new threats, malware authors will focus more on refining their tools and the way these attacks are conducted.
In particular, we will be seeing certain developments in their stealth tactics, aimed at evading the efforts of security researchers and vendors. The perfect example of these developments is the release of Blackhole Exploit Kit (BHEK) 2.0, which was a direct response to successful efforts to block previous BHEK versions.
In the past few days, we were alerted to the following incidents, in which old malware variants and threats incorporate certain tricks in an attempt to avoid detection.
- Certain versions of Kelihos (detected as BKDR_KELIHOS.NAP) recently surfaced in the wild. Reports indicate that this Kelihos variant calls the SleepEx function. With this sleep call, the malware stays inactive for a particular time frame, which can prevent automated analysis systems from capturing its malicious routines. Neither Kelihos nor extended sleep calls are new in the threat landscape; combined, however, they can be a potent threat that users should be wary of.
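The sleep trick above works because an automated sandbox only observes a sample for a limited window, so a long or repeated SleepEx pushes the malicious routines past the end of the recording. From the defender's side, the sleep calls themselves are a signal: an analysis pipeline can scan its API trace for a single long delay or a large cumulative delay and flag the sample for extended or sleep-accelerated analysis. The following Python is an added example written for this post; it is not Trend Micro code and not Kelihos output. The trace format (`<ms-since-start> pid=<pid> <api>(<args>)`), the sample lines and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample sandbox API trace (assumed format, not a real Kelihos capture).
# Process 1840 mimics the behaviour described in the post: two ten-minute SleepEx
# calls before any network activity. Process 2204 only performs short, benign sleeps.
SAMPLE_TRACE = """\
0012 pid=1840 CreateFileW(path=C:\\Users\\victim\\AppData\\Local\\Temp\\upd.exe)
0020 pid=1840 SleepEx(dwMilliseconds=600000, bAlertable=0)
0025 pid=1840 SleepEx(dwMilliseconds=600000, bAlertable=0)
0031 pid=1840 InternetOpenA(agent=Mozilla/4.0)
0005 pid=2204 CreateFileW(path=C:\\Program Files\\app\\app.dll)
0009 pid=2204 Sleep(dwMilliseconds=100)
0014 pid=2204 Sleep(dwMilliseconds=250)
0019 pid=2204 RegOpenKeyExW(key=HKCU\\Software\\app)
"""

# One trace line: timestamp, pid, API name and a parenthesised key=value argument list.
LINE_RE = re.compile(r"^(?P<ts>\d+)\s+pid=(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")

# Win32 delay APIs whose first argument is a millisecond count.
SLEEP_APIS = {"Sleep", "SleepEx"}


def parse_trace(text):
    """Parse the constructed trace format into a list of event dicts; skips unparseable lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        raw_args = m["args"]
        args = dict(kv.split("=", 1) for kv in raw_args.split(", ")) if raw_args else {}
        events.append({"ts": int(m["ts"]), "pid": int(m["pid"]), "api": m["api"], "args": args})
    return events


def find_sleep_evasion(events, single_ms=60_000, total_ms=120_000):
    """Return {pid: finding} for processes whose delay behaviour exceeds the thresholds.

    Thresholds are assumptions for this example: flag any single sleep of one minute
    or more, or a cumulative sleep of two minutes or more across the whole trace.
    """
    totals = defaultdict(int)   # cumulative sleep per pid
    longest = defaultdict(int)  # longest single sleep per pid
    calls = defaultdict(int)    # number of sleep calls per pid
    for ev in events:
        if ev["api"] not in SLEEP_APIS:
            continue
        ms = int(ev["args"].get("dwMilliseconds", 0))
        pid = ev["pid"]
        totals[pid] += ms
        longest[pid] = max(longest[pid], ms)
        calls[pid] += 1

    findings = {}
    for pid in totals:
        reasons = []
        if longest[pid] >= single_ms:
            reasons.append(f"single sleep of {longest[pid]} ms")
        if totals[pid] >= total_ms:
            reasons.append(f"cumulative sleep of {totals[pid]} ms over {calls[pid]} calls")
        if reasons:
            findings[pid] = {
                "total_ms": totals[pid],
                "longest_ms": longest[pid],
                "calls": calls[pid],
                "reasons": reasons,
            }
    return findings


if __name__ == "__main__":
    for pid, finding in find_sleep_evasion(parse_trace(SAMPLE_TRACE)).items():
        print(f"pid {pid}: possible sleep-based evasion ({'; '.join(finding['reasons'])})")
```

In this sample only pid 1840 is flagged; the short delays of pid 2204 stay under both thresholds, which is the point of checking cumulative time rather than alerting on every Sleep call. A flagged sample is a candidate for a longer analysis window or for a sandbox that shortens sleep intervals, so the routines the delay was hiding are actually recorded.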