A new piece of malware uses security-bypassing capabilities similar to those of the tools used to attack The New York Times.
The malware, called Nap Trojan, uses advanced techniques to bypass traditional security tools, which increases the likelihood that other firms could see their defenses bypassed, said researchers at security firm FireEye.
“Nap is yet another piece of malicious software that is being used by attackers in order to compromise PCs and then use them as the base from which to launch attacks,” said FireEye product manager and architect, Jason Steer.
“By infecting and then cycling through thousands of infected machines in a very short timeframe, hackers can evade detection; indeed many of the traditional security systems used today are unable to deal with this kind of attack,” he said.
Steer said Nap is dangerous because it shares several common traits with the malware used in a recent attack on The New York Times.
“In that breach, the attacker used thousands of university computers as front-end agents, rotating the attack between these machines in order to avoid suspicion,” Steer said.
“Nap also employs extended ‘sleep’ calls, a classic evasion tactic used by malware writers to help avoid analysis detection by security tools. Effectively this means the malware remains dormant for extended times; this could be 30 minutes or more, making it difficult to predict what it is actually going to do on a victim’s PC.”
At the end of January, The New York Times revealed it was the target of a prolonged cyber campaign originating from China.