As cybercriminals continue to hone their attack approaches, they are also tuning their post-intrusion models. Many modern malware tools already incorporate features for evading antivirus and other threat detection measures, but research shows that attackers are also becoming more sophisticated in their obfuscation and anti-analysis practices to avoid detection if an infiltration attempt is successful.
Based on analysis of data from Fortinet’s “Q2 2019 Threat Landscape Report,” this article examines a recent spam campaign that used novel anti-analysis and evasion techniques.
Anatomy of a Spam Attack
Many modern malware tools include features for evading antivirus and other threat-detection measures. Examples include routines that enable the malware to detect when it is running within a sandbox environment, functions for disabling security tools on an infected system, and the use of junk data to make disassembly harder.
A good example of how adversaries are tweaking these anti-analysis techniques can be found in a macro that was used in a major spam campaign in Japan…