In a recent blog posting, Seculert discussed a new malware threat which they have dubbed “Magic Malware.”

Magic Malware talks to its operators over a proprietary protocol of its own rather than over a standard one. Detection tools that only inspect the well-known protocols they know how to parse never recognise the traffic for what it is, so it passes unexamined.  Seculert observed:

This “magic malware” — as we’ve dubbed it — is active, persistent and had remained undetected on the targeted machines for the past 11 months. … The real intention of the attackers behind this magic malware … is yet to be known. As the malware is capable of setting up a backdoor, stealing information, and injecting HTML into the browser, we believe that the current phase of the attack is to monitor the activities of their targeted entities. But, because this malware is also capable of downloading and executing additional malicious files, this might be only the first phase of a much broader attack.
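The weakness Seculert points at is detection that only understands the protocols it expects. One counter-measure is to check that traffic on a well-known port actually conforms to the protocol that port is supposed to carry, and to flag everything that does not. The example below is an added illustration of that idea; it is not Seculert's code, not anything from the Magic Malware analysis, and not SP Guard. The three conformance heuristics, the sample flows and the "MAGIC" payload bytes are all constructed for the example; it assumes UDP DNS (no TCP length prefix) and looks only at the first payload bytes of each flow.

```python
"""Flag flows on well-known ports whose payload is not the protocol that port should carry.

Added example, not Seculert's, Magic Malware's or SP Guard's code.  The heuristics,
the sample flows and the custom-protocol payload bytes are constructed for illustration.
"""
import re
from collections import Counter

# Start of a plausible HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x CRLF
_HTTP_REQUEST = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|PATCH) \S+ HTTP/1\.[01]\r\n"
)


def looks_like_http(payload: bytes) -> bool:
    """True if the payload begins with a well-formed HTTP/1.x request line."""
    return _HTTP_REQUEST.match(payload) is not None


def looks_like_tls(payload: bytes) -> bool:
    """True if the payload begins with a TLS handshake record header.

    Record header: content type 0x16 (handshake), version 0x03 0x00..0x03,
    then a 2-byte length that RFC 5246 caps at 2^14 + 2048 bytes.
    """
    if len(payload) < 5:
        return False
    if payload[0] != 0x16 or payload[1] != 0x03 or payload[2] > 0x03:
        return False
    length = int.from_bytes(payload[3:5], "big")
    return 0 < length <= 16384 + 2048


def looks_like_dns(payload: bytes) -> bool:
    """True if the payload looks like a UDP DNS query (assumption: no TCP length prefix).

    A query has a 12-byte header with QR=0, OPCODE=0 and QDCOUNT >= 1.
    """
    if len(payload) < 12:
        return False
    flags = int.from_bytes(payload[2:4], "big")
    qdcount = int.from_bytes(payload[4:6], "big")
    return (flags & 0x8000) == 0 and ((flags >> 11) & 0xF) == 0 and qdcount >= 1


# Port -> (protocol name, conformance check).  Only these ports are policed here.
EXPECTED = {
    80: ("HTTP", looks_like_http),
    443: ("TLS", looks_like_tls),
    53: ("DNS", looks_like_dns),
}


def classify_flow(dst_port: int, payload: bytes) -> str:
    """Return 'conformant', 'mismatch:<PROTO>' or 'unknown-port' for one flow."""
    if dst_port not in EXPECTED:
        return "unknown-port"
    name, check = EXPECTED[dst_port]
    return "conformant" if check(payload) else f"mismatch:{name}"


# Constructed sample flows: (source host, destination port, first payload bytes).
SAMPLE_FLOWS = [
    ("10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("10.0.0.5", 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),  # truncated ClientHello
    ("10.0.0.6", 53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                     b"\x07example\x03com\x00\x00\x01\x00\x01"),  # A query for example.com
    ("10.0.0.7", 80, b"\x8f\x21\x00\x43MAGIC\x00\x00\x01\x9a"),  # made-up custom protocol on 80
    ("10.0.0.7", 443, b"MAGIC\x00\x01\x02\x03\x04"),  # made-up custom protocol on 443
    ("10.0.0.8", 8443, b"\x16\x03\x03\x00\x50"),  # not a policed port
]


def scan(flows):
    """Classify every flow; returns a list of (source, port, verdict)."""
    return [(src, port, classify_flow(port, payload)) for src, port, payload in flows]


def summarize(flows) -> Counter:
    """Count verdicts so the mismatches stand out against the conformant bulk."""
    return Counter(verdict for _, _, verdict in scan(flows))


if __name__ == "__main__":
    for src, port, verdict in scan(SAMPLE_FLOWS):
        if verdict != "conformant":
            print(f"{src}:{port} -> {verdict}")
    print(dict(summarize(SAMPLE_FLOWS)))
```

Run against the constructed flows, the two "MAGIC" payloads are the only ones reported. The caveat a practitioner should keep in mind: this catches malware that puts raw custom bytes on a standard port, which is the naive version of what Seculert describes. Malware that wraps its own protocol inside syntactically valid HTTP or TLS passes a check like this, and needs content or behavioural analysis (beaconing intervals, unusual destinations, unexpected certificate chains) instead.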

Magic Malware is yet another example of the evasion methods used by the developers of modern malware.  Quoted in Infosecurity, Adrian Culley of Damballa observed:

The whole industry has thought for over twenty years that if your Anti-Virus/Firewall/IDS/IPS/DLP saw no problems then there were none – when in fact it turns out that while these defenses are all good, they are not good enough when it comes to APTs.

Magic Malware has infected systems all over the world.  Seculert provided this graph to show its distribution:

Seculert does not tell us how Magic Malware is introduced into the victims’ systems. Note the high concentration of Magic Malware in the UK.  Is Magic Malware related to the recent warnings from MI5 about state-sponsored efforts to steal advanced British research in graphene, quantum photonics and advanced aerospace?  That we don’t know.  What we do know is that over 95% of state-sponsored cyber espionage gains its initial foothold through spearphishing.

Employees’ email decisions can compromise security, and cyber espionage exploits this fact.  IT needs to help employees make better decisions about the email they receive. That is where SP Guard comes into play: using SP Guard, IT can define a list of trusted senders and present this information to staff in a simple and highly effective manner.

