By Dancho Danchev
With more Web-based DIY malware crypters continuing to pop up online, both novice and experienced cybercriminals can easily obfuscate any malicious sample into a piece of malware that goes undetected by signature-based scanning (though not by behavioral detection), successfully bypassing the perimeter-based defenses currently in place.
In this post I’ll profile a recently launched service that gives virtually everyone using it the capability to generate undetected malware. I’ll emphasize its key differentiating factors and provide sample MD5s known to have been crypted using the service.
Sample screenshot of the DIY Web-based malware crypting service:
Second screenshot of the DIY Web-based malware crypting service:
Among the key features of this Web-based malware crypting service are the auto-scanning of crypted files to show the customer that the file is indeed not detected by the majority of antivirus solutions, support for x32 and x64 files as well as DLLs, support for all versions of Windows from XP to Windows 8, and the ubiquitous support for anti-VMware/anti-debugging.
The price? $20, with the service vendor claiming that the file will remain undetected for more than 7 days. How he is able to calculate that remains unclear: once his customers start spreading the undetected samples, they’ll eventually end up hitting a security vendor’s sensor network, so it’s all up to the customer’s sensor evasion tactics, and not necessarily a service feature.
It’s also worth emphasizing that in its current form, the service doesn’t have the potential to disrupt the cybercrime ecosystem in an “innovative” way, largely thanks to the lack of API (application programming interface) support, something we’ve seen implemented on competing services.
We’re currently aware of the following MD5s crypted using the service:
Webroot SecureAnywhere users are proactively protected from these threats.