
Vendor News

Conceal Threat Alert: BATLOADER

28 November 2022

Back in February, Mandiant reported on the discovery of a new piece of malware they called “BATLOADER”. The malware is delivered via malicious web sites that are disguised as download sites for legitimate consumer software. To increase the reach of the web sites, the attackers utilized search advertising to draw in users who were looking to download certain types of software. A recent blog post by researchers at VMware Carbon Black indicates that the tool continues to be widely distributed.

The tool can be used to deliver several different payloads and is structured so that the early stages of an attack are difficult to detect by traditional means. Once the loader is executed on a system, it utilizes built-in operating system tools to establish itself without creating an easily detectable signature. In other words, it’s extremely important to stop this malware and the web sites that distribute it before it is executed on a targeted machine, because it is unlikely to be detected during the initial stages of infection.