Newer Variation of Dofoil Trojan Revealed Having Advanced Functions to Evade Detection

Computer hackers are always on the move to conjure up the latest and greatest threat, so they can earn the best payday possible at the expense of victimized computer users. This perpetual force has brought many older malware threats back from the dead, where they emerged stronger than ever with new advanced functions to make them more efficient and, in a way, foolproof. A particular malware threat that has resurfaced to wreak havoc on vulnerable computers around the world is the Dofoil Trojan, which went silent in the past year but has come back to life with new evasion features.

The Dofoil Trojan, which has been touted as an aggressive data-theft and system-takeover botnet, has emerged again this year with new functions to evade detection by security solutions. Acting as a botnet, the Dofoil Trojan is designed to create a network of infected computers that the hackers behind the malware can then use to attack systems and steal data from them.

In recent findings by malware researchers at Fortinet, the Dofoil Trojan has been found to have new capabilities: it can now retrieve from its command and control (C&C) server a list of modules that are encrypted. The newer variant of Dofoil also has anti-analysis measures that check whether it is being run in a debugger or virtual machine. If it detects such a case, Dofoil seems to have the ability to foil the analysis by entering an infinite loop.

Another aspect of the latest Dofoil Trojan variant is that it fools detection mechanisms by encrypting packages and sending them to a set of legitimate URL addresses taken from a registry key. This behavior is known to mask the malicious data that is exchanged between a system infected with Dofoil and the command and control server. Additionally, detection of Dofoil is limited because the legitimate servers that receive the fake data respond in different ways, sending back an error or simply loading a normal web site.

Researchers uncovered this information on Dofoil by decrypting its encrypted packages, which revealed the identity of its command and control server. This process has not been an easy task. However, from Dofoil's random activities and encrypting abilities, researchers have determined the infection's technique for escaping detection by different security tools.

Additional underlying information about Dofoil has been limited thus far. Researchers, at the moment, have concluded that Dofoil Trojan has become a much more aggressive and dangerous threat than it has ever been. It is possible that other botnet threats similar to Dofoil may follow suit in its new advancements to evade detection and analysis in the future, which many computer security experts are now readying themselves for.

As always, continue to utilize an updated antivirus or antispyware application to detect and remove threats like Dofoil. Additionally, it is in your best interest to continue utilizing a security tool to protect your system from becoming infected with threats as dangerous as Dofoil or other related botnets, which could lead to theft of your personal data.