Reminiscent of the elusive Task Scheduler attacks we wrote about recently, a new method of delivering malware to systems has been discovered. In this case, it’s all about the Windows Event Logs. An executable file is placed in the event logs for Key Management Services, which allows code to be executed in memory.

Many malware samples and viruses contain code blocks that are detected by security software. In this case, however, the code can be split into 8 kilobyte chunks that are stored in events and then reassembled. Standard detection methods can be avoided, as each piece does not have to be malicious in itself. Trojans are used to evade other protections to steal data.

This method was first spotted in a targeted attack in February by security firm Kaspersky, which posted more details on its Securelist blog. The method, which has yet to be named, is described by the company as unique and well thought out, and it uses commercial tools.
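Because each 8 kilobyte chunk can look harmless on its own, a defender can instead look for the storage pattern: several large, dense binary payloads in the Key Management Service log written by the same source. The following is an added detection sketch, not code from Kaspersky or the original article; the record layout, the channel string, the source names and the size and entropy thresholds are all assumptions, and the sample records are constructed.

```python
import hashlib
import math
from collections import Counter

CHUNK_SIZE = 8 * 1024                   # chunk size given in the article
KMS_CHANNEL = "Key Management Service"  # assumed channel name in the export

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspicious_events(records, min_size=CHUNK_SIZE // 2, min_entropy=6.0):
    """KMS-channel records whose binary payload is both large and dense."""
    return [
        r for r in records
        if r.get("channel") == KMS_CHANNEL
        and len(r.get("binary", b"")) >= min_size
        and entropy(r["binary"]) >= min_entropy
    ]

def chunk_runs(hits, min_run=2):
    """Group hits by event source; several large blobs written by one
    source look like one payload split across events."""
    by_source = {}
    for r in hits:
        by_source.setdefault(r["source"], []).append(r["record_id"])
    return {s: sorted(ids) for s, ids in by_source.items() if len(ids) >= min_run}

def constructed_blob(seed: int) -> bytes:
    """Deterministic 8 KB of high-entropy filler standing in for a chunk."""
    return b"".join(hashlib.sha256(bytes([seed, i])).digest() for i in range(256))

# Constructed sample records; the dict layout is an assumption about the export.
SAMPLE = [
    {"record_id": 100, "channel": KMS_CHANNEL, "source": "ConstructedBenign", "binary": b""},
    {"record_id": 101, "channel": KMS_CHANNEL, "source": "ConstructedSource", "binary": constructed_blob(1)},
    {"record_id": 102, "channel": KMS_CHANNEL, "source": "ConstructedSource", "binary": constructed_blob(2)},
    {"record_id": 103, "channel": KMS_CHANNEL, "source": "ConstructedSource", "binary": constructed_blob(3)},
    {"record_id": 104, "channel": KMS_CHANNEL, "source": "ConstructedBenign", "binary": b"A" * 9000},
    {"record_id": 105, "channel": "Application", "source": "ConstructedSource", "binary": constructed_blob(4)},
]

if __name__ == "__main__":
    print(chunk_runs(suspicious_events(SAMPLE)))
```

The large but uniform payload (record 104) and the dense payload in another channel (record 105) are not flagged; only the run of three dense chunks in the Key Management Service channel is reported.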

Source: HotHardware

Source: Hardware Info
