NimzaLoader Malware Doesn't Use Hackers' Usual Code, Making It Harder to Detect

The new NimzaLoader malware is quite different from other malware families. Security researchers say it is not written in the programming language that hackers and cybercriminals usually use to attack companies and businesses.


They explained that because its code is very different from what online attackers commonly use, the new NimzaLoader malware is very hard to detect and defend against. According to ZDNet's latest report, this new malware is distributed by a cybercriminal hacking operation.

Why NimzaLoader is hard to detect

This new malware is specifically designed to give online attackers and other cybercriminals access to Windows computers. It can execute commands sent by its operators; once it does, the hackers can steal sensitive information, take control of the victim's computer, or deploy additional malware.

Proofpoint, a security firm, was the first to discover this new malware. Here is what the company's researchers found sets it apart from the group's earlier BazarLoader:

  • Doesn't use the same code flattening obfuscator
  • Doesn't use the same RC4 using dates as the key for command and control (C&C) response decryption
  • Doesn't use the same style of string decryption
  • Doesn't use the same XOR/rotate based Windows API hashing algorithm
  • Written in a completely different programming language
  • Doesn't use a domain generation algorithm (DGA)
  • Makes use of JSON in C&C communications
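The second bullet, RC4 keyed with a date for decrypting C&C responses, is the one a defender can usefully demonstrate: when a sandbox captures the encrypted reply, the whole key space is a handful of dates and date formats, so the response can be recovered offline by searching a few days around the capture time. The block below is an added analyst-side example written for this page; it is not Proofpoint's code and not BazarLoader's or NimzaLoader's actual scheme. The date formats tried, the search window, and the sample JSON reply are constructed assumptions (the page only says "RC4 using dates as the key" and "JSON in C&C communications").

```python
"""Added analyst example: recovering an RC4-encrypted C&C response whose key
is derived from a date.  Constructed illustration code for this article; the
date formats, window and sample message are assumptions, not BazarLoader's
or NimzaLoader's real scheme."""
import datetime as dt


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (key scheduling + keystream generation).
    RC4 is symmetric: the same call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


# Ways a sample might render "today" into a key.  Assumed for the example;
# a real case would take the formats from the sample's decompiled code.
DATE_FORMATS = ("%Y-%m-%d", "%d.%m.%Y", "%Y%m%d")


def candidate_keys(center: dt.date, window_days: int):
    """Yield (date_string, key_bytes) for every format and every day in the window."""
    for offset in range(-window_days, window_days + 1):
        day = center + dt.timedelta(days=offset)
        for fmt in DATE_FORMATS:
            s = day.strftime(fmt)
            yield s, s.encode("ascii")


def looks_like_plaintext(buf: bytes) -> bool:
    """Cheap plausibility check: every byte is printable ASCII or whitespace.
    A wrong RC4 key yields byte noise, which fails this almost immediately."""
    return all(0x20 <= b < 0x7F or b in b"\r\n\t" for b in buf)


def recover(ciphertext: bytes, capture_date: dt.date, window_days: int = 3):
    """Try every date-derived key around the capture date.
    Returns (key_string, plaintext) on the first plausible decryption, else None.
    The window exists because the victim's clock, time zone and detonation delay
    can put the sample's "today" a day or two away from the capture timestamp."""
    for key_str, key in candidate_keys(capture_date, window_days):
        pt = rc4(key, ciphertext)
        if looks_like_plaintext(pt):
            return key_str, pt
    return None


# Constructed test vector: a fake JSON C&C reply encrypted with a key built from
# the day the sample ran (assumed 2021-03-10), captured two days later.
SAMPLE_PLAINTEXT = b'{"cmd":"sleep","seconds":600}'
SAMPLE_CIPHERTEXT = rc4(b"2021-03-10", SAMPLE_PLAINTEXT)
CAPTURE_DATE = dt.date(2021, 3, 12)

if __name__ == "__main__":
    print(recover(SAMPLE_CIPHERTEXT, CAPTURE_DATE))
```

The search generalizes to any key derived from a small, guessable value: the analyst enumerates the value space once and keeps the first decryption that parses, here as printable text, in practice as JSON or whatever framing the sample expects. That is why a date-keyed stream cipher protects the traffic from casual inspection but not from anyone holding a capture and a calendar.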

Who developed this new malware?

Proofpoint's researchers claimed that this new malware was developed by TA800, a hacking operation that targets a wide range of companies and businesses across North America. This group is also accused of developing a form of Trojan malware called BazarLoader.

By comparison, the earlier BazarLoader creates a full backdoor on compromised Windows laptops and PCs, and it is well known for delivering ransomware.

However, the two malware families have one thing in common: both are distributed through phishing emails that link potential victims to a fake PDF downloader.

For more news updates about new malware and other malicious systems, always keep your tabs open here at TechTimes.

This article is owned by TechTimes.

Written by: Giuliano de Leon.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.