Security researchers have uncovered a new type of malware that appears to be benign as it is downloaded, potentially fooling security software, but which morphs into malicious software once it is on a user's computer.
Researchers at Microsoft's Malware Protection Centre wrote about their findings this week, explaining that the code is surprising in that, unlike most similar types of malware, it doesn't attempt to download or inject an executable file into a host machine.
Instead, it downloads apparently harmless code. However, the researchers found that the code was not harmless at all when they allowed it to execute.
"Once the application was run on a machine with a simulated internet connection, it [downloaded files from another website, then] copied itself to the Windows system folder as 'misys.exe', and started keylogging."
What makes this new malware sophisticated is that the malicious behaviour was not apparent from a straightforward analysis of the code itself, which is what security researchers and most security products attempt when they encounter suspicious software.
"The static analysis did not indicate this kind of functionality," said the researchers.
They explained that it changes its functionality by downloading new instructions directly into its own process, rather than attempting to change the registry or other system processes, as is more commonly seen in malware.
"The application is extending its functionality dynamically by downloading and executing x86 instructions in the context of its own process. The 'downloader' becomes malware by executing this downloaded blob of x86 instructions.
"And the downloaded instructions will not be injected to a different process and not dropped to disc, they will be executed in the process context of the 'downloader', thus the 'downloader' inherits the malware functionality."
This malware is fairly simple to create with a basic malware builder tool, meaning that it could quickly become more prevalent. Malware authors can configure it to steal and transmit whatever data they believe may reside on a target's machine.
However, tools to combat the software have now been added to Microsoft's anti-virus products, with other security vendors sure to swiftly follow.
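Because the downloaded instructions run inside the downloader's own process and never reach disk, a file scan has nothing to inspect, but the memory holding them is executable without being backed by an image file. The sketch below is an added example, not code from the article or from Microsoft's products: it applies that heuristic to a constructed snapshot of a process's memory regions, using the real Windows `MEMORY_BASIC_INFORMATION` constants; the `Region` class and `unbacked_executable` function are hypothetical names.

```python
from dataclasses import dataclass

# Real Windows constants used in MEMORY_BASIC_INFORMATION (winnt.h).
MEM_COMMIT = 0x1000
MEM_IMAGE = 0x1000000      # region mapped from an EXE/DLL file
MEM_PRIVATE = 0x20000      # region allocated at run time, no file behind it
PAGE_EXECUTE_READWRITE = 0x40
EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80   # all PAGE_EXECUTE* protections


@dataclass
class Region:              # hypothetical record, one per VirtualQuery-style entry
    base: int
    size: int
    state: int
    protect: int
    type: int


def unbacked_executable(regions):
    """Return (region, severity) for committed executable memory not backed by an image."""
    hits = []
    for r in regions:
        if r.state != MEM_COMMIT or not (r.protect & EXEC_MASK):
            continue       # not committed, or not executable
        if r.type == MEM_IMAGE:
            continue       # code loaded from a file that a scanner can inspect
        # Writable and executable at the same time is the stronger signal.
        sev = "high" if r.protect & PAGE_EXECUTE_READWRITE else "medium"
        hits.append((r, sev))
    return hits


# Constructed snapshot of one process (addresses and sizes are made up).
SAMPLE = [
    Region(0x00400000, 0x8000, MEM_COMMIT, 0x20, MEM_IMAGE),    # main module code
    Region(0x00408000, 0x2000, MEM_COMMIT, 0x04, MEM_IMAGE),    # main module data
    Region(0x00A10000, 0x1000, MEM_COMMIT, 0x04, MEM_PRIVATE),  # heap, read/write
    Region(0x02330000, 0x3000, MEM_COMMIT, 0x40, MEM_PRIVATE),  # private RWX buffer
    Region(0x02400000, 0x1000, MEM_COMMIT, 0x20, MEM_PRIVATE),  # private RX buffer
    Region(0x77000000, 0x90000, MEM_COMMIT, 0x20, MEM_IMAGE),   # system DLL code
]

if __name__ == "__main__":
    for r, sev in unbacked_executable(SAMPLE):
        print(f"{sev:6} base={r.base:#010x} size={r.size:#x} protect={r.protect:#x}")
```

Just-in-time compilers (browsers, managed runtimes) legitimately create the same kind of region, so a hit is a lead for triage rather than a verdict.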