Sality Trojan Infects Hidden Banking Trojan to Help Unmask It

A variation of the Sality Trojan, known for being used by hackers to carry out malicious actions on infected computers and spreading through executable files, has helped unmask a dangerous banking Trojan through infecting the once hidden threat.

Security researchers have finally had a chance to uncover an aggressive banking Trojan that has evaded detection by antivirus companies and their antivirus applications. What was thought to be a highly-targeted malware threat, was found to avoid detection mainly due to its limited distribution. Antivirus companies may overlook threats that are in limited supply, which normally possess no immediate danger.

Sality Trojan, among another malware threats designed to steal banking information, were two pieces of malware looked at by researchers for infecting one another. In such a case, the unidentified banking Trojan remained undetectable until it was infected by the Sality Trojan. By Sality infecting the banking Trojan, it would show up on the virtual radar screen for antivirus applications. You can think of Sality being a tracking bug placed on a stealth bomber. Until the tracking device was placed on the potentially destructive bomber, it was able to conduct its mayhem while undetected. The tracking device in this case is the Sality Trojan, which is a widely detected threat by most antivirus programs.

Ziv Mador, director of security research at Trustwave SpiderLabs, said "Highly targeted malware is crafted to evade anti-virus and due to its limited distribution, AV [anti-virus] companies are unlikely to ever capture these samples in the wild." As an alternative to detecting dodging threats, AV malware authors may utilize third-party services that can emulate the Multi-AV scanning. Through such a process, the authors may be able to change the malware until its signatures or heuristics no longer match detected malware threats.

PCs vulnerable to attacks of masked malware threats, such as the recent banking Trojan, will have one heck of a time eliminating such a threat. As a solution, we advise PC users to be proactive about their PC security and prevent the vulnerability that could lead to the infection of an unidentified threat in the first place.

Remember, if an undetected malware threat has limited volumes, the chances of it being removed from an infected machine by antivirus resources is slim to none. It is not until that rare malware threat is either infected by another threat or increases its volume to the point that it becomes noticed by antivirus authors.