Malware has been employing anti-researcher and detection-evading tactics, almost since the beginning of malicious code. And while phishing and spam have been using detection-evading techniques for ages, anti-researcher tactics seem to be a new tool in their arsenal. Both phishing and spam seemed to prefer the shotgun approach, preferring quantity to quality when it came to finding victims.<\/p>\n
According to an article in SC Magazine<\/a>, this is beginning to change. This change employs a simple tactic that\u2019s commonly used in emails sent by companies to existing customers \u2013 it includes a link that can only be accessed by the user him or herself. Anyone else accessing the link will be given an error message. By using this technique, they make it difficult for anyone who isn\u2019t the targeted user to view the phishing email, and it makes adding the phish to anti-phishing detection potentially more difficult.<\/p>\n But if the history of anti-malware has taught us anything, \u201cmore difficult\u201d does not by any stretch of the imagination mean \u201cimpossible.\u201d Sometimes, the evasion itself can give detection methods a solid hint that something is up to no good. In the case of polymorphic viruses, AV software can often use the code that generates the virus\u2019 changes to identify it. Legitimate software seldom tries to do such squirrelly things as changing their own code. Because companies commonly use dynamic mass emails, it might be difficult to exclude this behavior generically. But phishing emails that lead to a unique site and push the sort of code that would be useful for a zero-day exploit would be very clearly problematic.<\/p>\n Have you seen any of this new phishing behavior? Or are all of the questionable emails you receive caught in spam filters or by security software?<\/p>\n photo credit: ivanpw<\/a> via photopin<\/a> cc<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":" Malware has been employing anti-researcher and detection-evading tactics, almost since the beginning of malicious code. And while phishing and spam have been using detection-evading techniques for ages, anti-researcher tactics seem to be a new tool in their arsenal. Both phishing and spam seemed to prefer the shotgun approach, preferring quantity to quality when it came […]<\/p>\n","protected":false},"author":6,"featured_media":9849,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[5],"tags":[86,102],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\n\n\t\n\t\n\t\n