Threat Intel Digest
Securing Your Avatar Images
Images and graphics can be rendered several ways in a browser. One common format is SVG (Scalable Vector Graphics), which is an XML-based vector image format for two-dimensional graphics with support for interactivity and animation.
Fumigating RevengeRAT and WSHRAT Infestations
A RAT (Remote Access Trojan) is a type of malware that can interactively control infected machines. A vast collection of RATs can also be used for a DDoS (Distributed Denial-of-Service) attack to bring down a specific website or system.
Nowadays, malware doesn't attack by itself; it usually combines its attack with other malware. Some malware downloads additional malware that it uses for several tasks, while other malware drops the components it needs from its own package. The main advantage of dropping malware from a packaged binary is that all the components of the attack are already available, even without an internet connection.
We have found a malware sample with a low detection rate that drops RevengeRAT and WSHRAT. The first RAT is mostly used to gather information about the infected machine and send it to its command-and-control server, where it can be used for further attacks on the infected system. Meanwhile, WSHRAT contains code and commands that can be used to connect interactively with the attacker.
These combined capabilities let a malware author focus each piece of malware on a specific goal; a single piece of malware only needs to be packaged with others to achieve the overall goal. However, this packaging also offers an advantage to the defender, who only needs to detect one of the malware components to partially disable the functionality of the pack.