Animal Farm Group - Dino - Smarter than your Average Malware

July 24, 2015 | Garrett Gross

Did you know that some types of malware are more ‘intelligent’ than others? A recently discovered backdoor Trojan called ‘Dino’ uses some innovative techniques that set it apart from other malware variants and poses a more significant threat than your ‘typical’ backdoor.

Aspects of Dino’s custom file system allow for stealthy command execution, masking its activity from many detection methods. In addition, Dino has some task scheduling functionality, similar to a cron job, allowing for “set it and forget it” campaigns.

Impact on you

  • Having any type of backdoor Trojan in your environment puts you at significant risk of data exfiltration, misuse of your assets (botnet, hosting malicious content), or further compromise.
  • Dino poses an even more serious threat due to its focus on stealth and autonomous maneuvers.
  • The search function allows attackers to find specific (usually sensitive) files very quickly and with precision not seen in previous malware variants.

How AlienVault Helps

AlienVault Labs continues to perform cutting-edge research on threats like these, collecting large amounts of data and then creating expert threat intelligence as a result. The Labs team has already released IDS signatures and a correlation rule to the AlienVault Unified Security Management (USM) platform so customers can detect activity from Animal Farm. Learn more about this threat intelligence update and others in our forum.

  • System Compromise, Targeted Malware, Animal Farm group malware

About the Author: Garrett Gross

Garrett Gross has always had an insatiable appetite for technology and information security, as well as an underlying curiosity about how it all works. Garrett has over 15 years of professional experience in information technology, filling several roles: systems administration, network engineering, product marketing, technical support, and helpdesk. In his current role in field enablement, he uses his experience to help managed security service providers be successful in evangelizing and operationalizing AlienVault USM.
