The new NimzaLoader malware is quite different from other malicious software. Security researchers claimed that it isn't written in the programming languages that hackers and cybercriminals usually use to attack companies and businesses.

This New Malware is Harder to Detect and Defend: Experts Say It Doesn't Use Hackers' Codes

They explained that since its code is very different from what online attackers commonly use, the latest NimzaLoader malware is very hard to detect and defend against. According to ZDNet's latest report, this new malware is distributed by a cybercriminal hacking operation.

Why NimzaLoader is hard to detect

This new malware is specifically designed to give online attackers and other cybercriminals access to Windows computers. It can execute commands, and once it does, the hackers will be able to steal sensitive information, control the victim's computer, or deploy additional malware.

Proofpoint, a security firm, was the first to discover this new malware. Here's what the company's researchers found:

  • Doesn't use the same code flattening obfuscator 
  • Doesn't use the same command and control (C&C) response decryption (RC4 using dates as the key)
  • Doesn't use the same style of string decryption 
  • Doesn't use the same XOR/rotate based Windows API hashing algorithm 
  • Written in a completely different programming language 
  • Doesn't use a domain generation algorithm (DGA) 
  • Makes use of JSON in C&C communications  

Who developed this new malware? 

Proofpoint's researchers claimed that this new malware was developed by TA800, a hacking operation that targets a wide range of companies and businesses across North America. This group is also accused of developing a form of Trojan malware called BazarLoader. 

Compared with the newer NimzaLoader, the earlier BazarLoader creates a full backdoor on compromised Windows laptops and PCs. It is also well known for delivering ransomware.

However, these two computer viruses have one thing in common: they are both distributed using phishing emails that link potential victims to a fake PDF downloader.

This article is owned by TechTimes.

Written by: Giuliano de Leon.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.