Expert(s): ISBuzz Staff | Informationsecuritybuzz.com
FireEye’s Mandiant researchers have discovered a malware family that uses the Common Log File System (CLFS) to hide its second-stage payload in registry transaction files. In their blog post “Too Log; Didn’t Read”, they detail how PRIVATELOG and its installer STASHLOG use what they describe as a novel and especially interesting technique to obfuscate their presence. An expert with Gurucul offers comment.
External Link: Malware Hides In CLFS To Evade Detection – Expert Reaction