I won't go into detail about packing, obfuscation or polymorphism. The point is that a Trojan doesn't just arrive from nowhere it is invited, even if unwittingly, and an anti-virus program would assume it has permission to do whatever it's doing unless and until it starts modifying system files or other protected assets. If the exploit kits find a weakness they'll use it, often by downloading just enough malicious code (javascript in a web page, probably) to get your browser to request a further download from a malware-infected server. Java is a favourite, and so is Flash and Adobe Reader. But those won't work unless the domain with the infection code scans your system and finds some program that's not been updated recently. Of course some Trojans are the result of drive-bys on web pages, iframe redirects, and so forth. Read their forums and you'll see what I mean. This Trojan would have disabled MSE, Norton, and many other AV programs. The first thing a Trojan usually does is to modify the registry, kill active processes - especially anti-malware ones - and put hooks into the system so that it runs at system start-up. If you allow it to execute thinking it's whatever it claims to be, then you've given it permission to modify your system. And as the name tells you, that means it usually arrives pretending to be something else. That's because it's not a virus, it's a Trojan. anti virus and firewall, and turned it off.
0 Comments
Leave a Reply. |