Hackers Serve Malware Cocktail That Evades Most AV Programs

As I have stated many times before, cyber-criminals are an adaptable bunch. They still use SPAM to deliver malicious payloads because it works so well, then change the code slightly to evade most anti-virus (AV) programs for a time. When the security companies catch up, they change it again.

The new cyber-criminal toy is the Hancitor Trojan Downloader.

Researchers have been analyzing it for a few weeks and have found only three AV programs that identify it so far. But don’t be too hard on them. As Heimdal Security points out in their post, malware cocktails are hard for AV programs to detect because of their ever-changing code.

As stated above, SPAM is used to trick recipients into clicking a link that leads to a malicious site, which downloads infected RTF documents (document files in Rich Text Format) onto the target’s computer. Once that is done, the attackers exploit the Microsoft Office Memory Corruption Vulnerability to remotely control the machine.

The Hancitor Trojan drops the Pony and Evil Pony malware programs onto the target, enabling hackers to launch the Panda ZeuS botnet, injecting additional malware, collecting user data, then sending that information back to the hackers.

To protect yourself, use these tried and true techniques:

  • Keep your operating system and third-party programs fully patched and updated.
  • Never click on links or open attachments in emails from unknown and/or untrusted sources.
  • Do not operate your PC using administrative user accounts.
  • Disable macros for all Microsoft Office programs.
  • Even though not all AV programs can detect this threat at present, never operate without updated anti-virus software. The AV companies will soon catch up.
  • Make sure you have a reliable backup solution with copies of your data stored in three locations: your office and two (2) geographically dispersed data centers in the cloud.
  • To all managers and business owners: educate your employees on an ongoing basis.

These types of attack are made possible because, despite the warnings, users keep clicking on infected links and documents in emails, making SPAM the most effective delivery mechanism for malware.

If you take the above precautions, you’ll be better protected than the majority of users.


