High-volume malware infections always claim the headlines, especially when several families are active in the same period. Emotet, LokiBot, and TrickBot are the three strongest contenders for the malware to watch out for in 2019, based on their infection campaigns from last year.
Emotet is a multifunction malware: it can steal the user’s credentials, send spam carrying a copy of itself to other users, and deploy a payload that silently records user information in the background. Signature-based antivirus products have a hard time detecting Emotet because of its polymorphism: every successive generation of the malware carries a different signature from its predecessor. Its claim to fame is its worm capability; it does not need a user to execute it in order to spread. It crawls the local network by extracting network information from the operating system itself.
LokiBot is a malware built partly on open-source code. This banking trojan is designed to capture bank user accounts by monitoring the computer with its built-in keylogging capability. It is still a work-in-progress malware, as its authors keep adjusting its behavior with every new generation. It was first detected in the wild in the second quarter of 2018, and its current generation is very distinct from earlier versions.
TrickBot has existed since 2016. Like LokiBot, it continues to evolve and gain features, as its authors are prolific in their desire to improve their malware. It operates in a “modular” fashion, like digital Lego: capabilities such as remote access, keylogging, and payloads are separate modules that attach themselves to the main Lokibot trojan.
“While these high-volume threats are well discussed in the security industry, and are seemingly novel, Emotet, Lokibot, and TrickBot still succeed in impacting enterprises around the world, causing significant damage. It is our desire to share a threat focused methodology in approaching security operations and apply it to these prolific threats. Our goal is to empower security teams to be more prepared to detect and respond to this malicious activity, and others that share or recycle similar technical methods,” explained Justin Warner, Gigamon’s Director of Applied Threat Research.
Signature-based antivirus software, used on PCs for a long time, relies on pattern matching: it compares “fingerprints” of malware collected by the vendor from all over the world with those of the files on the machine being scanned. Although vendors keep expanding their malware collection networks, they cannot keep up with a situation in which several new malware samples appear every second worldwide and only 4% of attacks use the same malware twice.
Next-generation antivirus software, by contrast, adds functions that do not rely on pattern matching: “behavior detection”, also known as heuristic scanning, which flags activity on the PC that is characteristic of malware, and methods that analyze large quantities of collected malware with machine learning and deep learning to detect it from source code, action logs, and similar data.
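The following is an added illustration, not code from the article or from any vendor it mentions, of the two points made above: a hash signature only recognizes the exact build the vendor has already collected, so a re-packed generation with a different fingerprint slips past it, while a behavior rule over host telemetry still fires because the new generation does the same things once it runs. The byte samples, the event names and the rules are all constructed for the example (no real Emotet, LokiBot or TrickBot artifacts are used), and the event labels are hypothetical names an endpoint telemetry pipeline might emit.

```python
"""Signature matching vs. behavior detection on two constructed "generations".

Everything here is constructed for illustration: the samples are plain byte
strings standing in for two builds of one family, the signature database
holds only the first build, and the event names are hypothetical labels.
"""
from __future__ import annotations

import hashlib
from typing import Iterable

# --- Signature-based detection -------------------------------------------
# Two constructed stand-ins for successive generations of the same family.
# A real re-packed build differs in far more than one label, but the effect
# is the same: any byte change yields a hash the database has never seen.
SAMPLE_GEN1 = b"CONSTRUCTED-SAMPLE generation=1 payload"
SAMPLE_GEN2 = b"CONSTRUCTED-SAMPLE generation=2 payload"


def sha256_hex(data: bytes) -> str:
    """Fingerprint used by the toy signature database."""
    return hashlib.sha256(data).hexdigest()


# The vendor's collection network has only ever seen generation 1.
SIGNATURE_DB: set[str] = {sha256_hex(SAMPLE_GEN1)}


def signature_match(sample: bytes, db: set[str] = SIGNATURE_DB) -> bool:
    """Classic pattern matching: a hit only if this exact fingerprint is known."""
    return sha256_hex(sample) in db


# --- Behavior-based detection --------------------------------------------
# Each rule lists the events that must all be observed for it to fire.
BEHAVIOR_RULES: dict[str, set[str]] = {
    # Credential theft combined with self-propagation over mail and the LAN.
    "credential_theft_worm": {
        "read_browser_credential_store",
        "enumerate_local_network",
        "smtp_send_with_attachment",
    },
    # Keylogging that is set up to survive a reboot.
    "persistent_keylogger": {
        "install_keyboard_hook",
        "write_registry_run_key",
    },
}


def behavior_match(events: Iterable[str],
                   rules: dict[str, set[str]] = BEHAVIOR_RULES) -> list[str]:
    """Return the names of every rule whose required events all appeared."""
    seen = set(events)
    return sorted(name for name, required in rules.items() if required <= seen)


# Constructed telemetry: both generations behave identically once running.
OBSERVED_EVENTS = [
    "process_start",
    "read_browser_credential_store",
    "enumerate_local_network",
    "smtp_send_with_attachment",
    "install_keyboard_hook",
    "write_registry_run_key",
]


def classify(sample: bytes, events: Iterable[str]) -> dict:
    """Run both detectors; the verdict is malicious if either one fires."""
    sig = signature_match(sample)
    beh = behavior_match(events)
    return {
        "signature_hit": sig,
        "behavior_hits": beh,
        "verdict": "malicious" if (sig or beh) else "clean",
    }


if __name__ == "__main__":
    for label, sample in (("gen1", SAMPLE_GEN1), ("gen2", SAMPLE_GEN2)):
        print(label, classify(sample, OBSERVED_EVENTS))
```

Generation 1 is caught by both detectors; generation 2 misses the signature database entirely and is caught only by the behavior rules, which is the gap the next-generation approach described above is meant to close. In a real pipeline the rules would carry thresholds and time windows rather than a plain set-inclusion test, but the structure of the decision is the same.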