

Windows 7: Morto: Not your average creepy-crawly worm

14 Sep 2011   #1

Morto: Not your average creepy-crawly worm

Quote:
As malware goes, Morto has something new to offer. It’s conversant in DNS-speak.

Why a digital worm? They’re so yesterday, barely worth the effort when compared to trojans and rootkits, the current malware du jour. True, except for one new and improved wiggler.

While reverse-engineering Morto, a team from Symantec discovered something. Morto can communicate. It phones home using the Domain Naming System (DNS). Darn. Yet another hole punched in the beleaguered DNS protocol. Here’s how Symantec figured out what Morto was doing:

“While examining W32.Morto, we noticed that it would attempt to request a DNS record for a number of URLs that were hard-coded into the binary. This is by no means unusual or unique, but when we examined the URLs, we noticed that there were no associated DNS A records returned from our own DNS requests.

On further investigation, we determined that the malware was actually querying for a DNS TXT record only — not for a domain to IP lookup — and the values that were returned were quite unexpected.”


Here are the results (courtesy of Symantec):

http://i.techrepublic.com.com/blogs/morto-4.png

Symantec explains what the Morto-infected computer does with this information:

“The threat clearly expected this type of response as it proceeded to validate and decrypt the returned TXT record. The decrypted record yielded a customary binary signature and an IP address where the threat could download a file (typically another malware) for execution.”

The downloaded file is the payload I described earlier. And it’s up to the Morto developers as to what additional malcode will be downloaded and installed.

On a grand scale, Morto does not have the wow-factor of malware like Zeus. Still, it feels like a significant step — a leap, maybe — in the evolution of malware. Communicating via DNS TXT records is subtle, yet effective — exactly what the bad guys want.
Read Full Article:
Morto: Not your average creepy-crawly worm | TechRepublic

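The behaviour Symantec describes, a host requesting TXT records for names that are never resolved to an address, can be looked for in resolver query logs. The Python below is an added example, not part of the original post or the quoted article; the log format, client addresses, domain names and the mail-host allowlist are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample resolver log: "<time> <client> <qtype> <qname> <rcode>"
SAMPLE_LOG = """\
2011-09-14T10:00:01 10.0.0.21 A www.example.com NOERROR
2011-09-14T10:00:02 10.0.0.21 TXT txt-only.example.net NOERROR
2011-09-14T10:05:02 10.0.0.21 TXT txt-only.example.net NOERROR
2011-09-14T10:00:03 10.0.0.5 TXT _dmarc.example.org NOERROR
2011-09-14T10:00:04 10.0.0.5 MX example.org NOERROR
2011-09-14T10:00:05 10.0.0.33 TXT example.com NOERROR
2011-09-14T10:00:06 10.0.0.33 A example.com NOERROR
malformed line
"""

# Assumption: hosts that legitimately issue SPF/DKIM/DMARC TXT lookups.
MAIL_HOSTS = {"10.0.0.5"}
ADDRESS_TYPES = {"A", "AAAA"}


def parse(log_text):
    """Yield (time, client, qtype, qname, rcode), skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, client, qtype, qname, rcode = parts
        yield ts, client, qtype.upper(), qname.lower().rstrip("."), rcode


def txt_only_lookups(log_text, ignore_clients=MAIL_HOSTS, min_queries=1):
    """Return sorted (client, qname, count) for TXT queries to names that
    no client in the log ever asked an A/AAAA record for."""
    txt_counts = defaultdict(int)
    resolved_names = set()  # names someone requested an address for
    for _ts, client, qtype, qname, _rcode in parse(log_text):
        if qtype in ADDRESS_TYPES:
            resolved_names.add(qname)
        elif qtype == "TXT" and client not in ignore_clients:
            txt_counts[(client, qname)] += 1
    return sorted(
        (client, qname, count)
        for (client, qname), count in txt_counts.items()
        if qname not in resolved_names and count >= min_queries
    )


if __name__ == "__main__":
    for client, qname, count in txt_only_lookups(SAMPLE_LOG):
        print(f"{client} sent {count} TXT-only queries for {qname}")
```

Hits are leads for triage rather than verdicts, since some software uses TXT lookups legitimately; raising `min_queries` and extending the allowlist reduces noise.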
