2008-01-31 19:10:57 by HASH0x8b23a0c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Life's too short to live in uncertainty, the stakes are too high. A month ago, I indicated the upcoming release of the third version of the script kiddies favorite Shark Malware. Despite that after the negative publicity of the malware that's actually promotd as a RAT, the authors supposedly abondoned the malware, they seem to have logically resumed its development. And so, the Shark3 malware is continuing its development.
What's new? Anti-debugger capabilities in particural against - VmWare, Norman Sandbox, Sandboxie, VirtualPC, Symantec Sandbox, Virtual Box etc.
Detection rate : Result: 15/31 (48.39%) - Backdoor.Win32.Shark.ifFile size: 3104768 bytes
MD5: e3a6758f5c90b39b59c6cd7551224d52
SHA1: 25f025f31560a28275aab006e04aace828e012ea
Some key points regarding Shark :- its do-it-yourself nature, just like many of the malware tools I've covered before is empowering script kiddies with advanced point'n'click capabilities
- built-in spyware functionaly, namely "aggressive service" which resets the start-up values when they're delted, yet another indication that what's pitched as a RAT is in fact malware
- once released in an open source form, a community emerges around it one that starts innovating and coming up with new features
