Sunday, September 6, 2015

New Banking malware 'Shifu' proves Malware Management works!

IBM's Security X-Force team has released an initial report on a new malware named 'Shifu', currently compromising banks in Japan, that uses methods found in several other known malware.

The lesson to learn here is that it uses traits or functions similar to those of other known malware. The report lists the following traits from known malware:

Shiz - Domain Generation Algorithm (DGA)
Corcows - Theft from Bank Apps
Gozi - Stealth hiding techniques
Zeus - Anti-Sec avoidance
Dridex - Config using XML
Conficker - Wipe system restore
Dyre - Self-signed certs

This blog has stated that Malware Management should be practiced just like we practice Vulnerability Management. The benefit is that malware reuses patterns over time, which allows you to look in places, or for artifacts and indicators, that other malware has already used. That makes Malware Discovery easier each time you do it and improves results.

I look forward to the detailed report by the IBM Security X-Force team and HOPE they publish the artifact details we Active Defenders and Incident Responders need to discover this malware or similar types of malware in our own environments.

IBM Trusteer intro on Shifu malware

#InfoSec #MalwareArchaeology