ISC StormCast for Friday, February 12th, 2021
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 12 February 2021
⏱️ 6 minutes
Transcript
| 0:00.0 | Hello, welcome to the Friday, February 12, 2021 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and I'm recording from Jacksonville, Florida. |
| 0:15.2 | Jan came across an interesting Agent Tesla sample. Now, at first, it looked like, well, just any Agent Tesla sample. It arrived as |
| 0:24.6 | one of those fake DHL shipping notices. In itself, this was not done very well. It used a from address |
| 0:34.0 | that claimed to be from DHL.com. Now, with dhl.com using SPF, these emails most likely ended up in your spam folder. |
| 0:45.6 | The attachment was an ISO file, which again is not really all that unusual, but the content |
| 0:52.1 | of the ISO file then turned out to be somewhat odd as Jan dove deeper into it. |
| 0:59.3 | In addition to just bloating the content of the sample by attaching bitmap image files, |
| 1:07.1 | the sample also included code, a couple of DLLs and such, from a valid anti-malware tool. |
| 1:15.8 | Jan identified the source of the code as a piece of software called Virus Effect Remover. |
| 1:22.3 | It's no longer being sold and it's about 10 plus years old, but that's the code that they appended to this particular |
| 1:31.7 | malicious sample. At this point, we can only really guess why they did it. So first of all, |
| 1:38.0 | attackers do sometimes like to bloat their malware samples, make them larger, in order to evade inspection. |
| 1:46.0 | A lot of antivirus tools will not inspect files above a certain size. |
| 1:51.0 | And that's why you, for example, in this case as well, see images being included with the malware. |
| 1:58.0 | The other reason, and that may be a little bit more sinister, but also not very |
| 2:03.6 | likely given the overall sophistication or lack of sophistication for this sample, it may be an attack |
| 2:10.6 | trying to bypass or evade some machine learning algorithms. There have been some interesting |
| 2:17.1 | papers recently that described how machine learning algorithms |
| 2:21.3 | or anti-malware based on machine learning can be fooled into believing that malware is actually |
| 2:27.8 | benign by including a sample of common benign software. |
| 2:34.6 | In a particular paper, for example, they used notepad.exe. |
| 2:39.1 | Maybe this is sort of a little attempt to do something like this. |
... |