Dropper Malware comes with DLL Hijacking Feature

Trojans, Viruses, Worms have become the scare of the year, and with good reason. Many of the recent files are malicious in nature, causing the infected user at the very worst, to lose everything on their computer. There are few specially coded malware, which are not only developed to ensure that they cause maximum damage and steal all the sensitive information they can find on the infected devices.

According to Bitdefender experts, In a blog post they mention about such a malware called "Dropper" or Trojan.Dropper.UAJ. But the brand new in terms of approach that dropper hijacks a library file called comres.dll, altering it to ensure that each time it's being used, the malware steps into play. The smartness of this malware can be judge from here that, it makes a copy of the genuine comres.dll file, patches it and then saves it in the Windows directory folder, where the operating system normally looks for a DLL to load when it is required.

This attack unites two type of exploitation. DLL Hijacking is an attack that exploits the way some Windows applications search and load Dynamic Link Libraries. A bad guy can place a fake DLL for a known program in a location that is searched before the real DLL's location and almost guarantee that the malicious DLL is loaded, resulting in whatever code the attacker wants to run running. The Trojan then drops a Backdoor, identified by Bitdefender as Backdoor.Zxshell.B, which actually contains the code compromising the system.

Trojan.Dropper.UAJ is able to run on Windows7, Windows Vista, Windows 2003, Windows 2000 or Windows NT in both 32- and 64-bit environments.

2012 in terms of malware will be one of explosive growth, mostly because of the spread and growing allure of social networks and Security issues of the Android platform will mean that the number of threats to smartphones and tablets will also experience a boost in 2012.

[Source]