Researchers have discovered a Trojan horse that is not downloaded from a URL, but through a Microsoft SQL database. That leaves Intel Security know. The infection begins with an infected e-mail attachment that contains a downloader. Once the attachment is opened will download the final malware.
Normally this is done via a URL, but does in the case of the now discovered downloader that connects to a Microsoft SQL database. That makes it difficult for administrators to find out where the malware comes from. To download the Trojan horse downloader makes the connection to the database, check the correct table and downloads the malware via the response from the database.
VB.Net code showing the SQL query to download the payload. |
No comments:
Post a Comment