Stealing Data With Obfuscated Code

Weblver1 writes "A recent report by web security firm Finjan shows how easily data can be accessed on PCs by malware which circumvents existing defenses. With the use of obfuscated code, antivirus software and static Web filters could not identify the scrambled attack code as a threat. The report walks through a real-life scenario of the infection process step-by-step, and tracks what happens to the stolen data. This demonstrates how stealing sensitive data has become unbearably easy — especially, given the abundance of easy-to-use DIY crimeware toolkits. Finjan's report is available here (PDF, registration required). Shortly after this report, Security firm RSA has released their findings of a huge amount of stolen 'virtual wallets' in one of the largest discoveries of stolen data from computers compromised by the Sinowal trojan. While the trojan can be traced back to 2006, it managed to become more productive over time with frequent variants. Given the scale, ease of use, and hiding techniques making infections extremely difficult to find, no wonder today's crimeware achieves such 'impressive' results."

Re:What are the best tools for detecting this?

[Xakh]

A newspaper, typewriter, and calculator.

Re:WTF?

[tylerni7]

You must be new here. You aren't supposed to read the file, just make comments about what it might say.

Re:Obfuscation 101

[jon207]

+1 I compiled and executed it and all what I see was a lot of no-sense junk in the console. What is it supposed to do ?

Re:Obfuscation 101

[fyrewulff]

Drink.... more.... Ovaltine?!?

Re:Obfuscation 101

[rugatero]

How come when I ran this on my PC all my porn files were emailed to everyone in my address book?

It's a denial-of-service attack in which your inbox becomes flooded with 'thank you' notes.

Re:Nothing can protect you

[Jessta]

In fact you are wrong.
Computer aren't as complicated as that.
It's easy enough to design a system to make obscuring the purpose of a piece of code impossible and then have all programs define a contract with the system as to what resources they need to use on the system, this information is conveyed to the user in a nice way and now the user will know straight away if a program is going to act maliciously before they run it.

0-day arbitrary code execution vulnerabilities are created due to a small set of things that overworked programmers forget sometimes, and can be easily abstracted away (it's just that C is such a shit programming language yet it's so widely used)