
Upgraded sLoad 2.0 (Starsload) Malware Exposed By Microsoft

by Cyber360 News
January 22, 2020
in Security

In a security report last month, Microsoft exposed the sLoad (Starsload) malware campaign that abuses the BITS component in Windows for malicious activities. But the malware operators quickly launched an upgraded sLoad 2.0 this month.

Although the new sLoad version hasn’t changed much, the fact that the sLoad authors shipped a new version less than a month after being exposed is concerning.

How does sLoad malware work?

sLoad (Starsload) malware is basically a “malware downloader” or “malware dropper.” It mainly infects Windows PCs with the intent of gathering information from infected systems. The stolen information is sent to a command and control (C&C) server, after which the malware receives instructions to download and install a second malware payload.

In short, sLoad is a delivery mechanism for more dangerous malware strains. It also helps the sLoad operators make money by offering pay-per-install space to other malware campaigns.

sLoad exploits Windows BITS

Malware downloaders are prevalent and usually not a matter of big concern, but Microsoft says that sLoad is unique owing to its level of sophistication and its use of non-standard attack techniques. The most concerning of these is its use of Windows BITS.

Background Intelligent Transfer Service or BITS is a component in Windows through which Microsoft sends updates to Windows users worldwide. The BITS service can detect whenever the user is not using the network connection. It utilizes this downtime to download Windows updates.

However, the BITS service can also be used by apps other than the Windows Update process. Various apps use BITS to schedule tasks and network operations for whenever the PC’s network connection becomes idle.

sLoad is one of the few malware strains whose entire host-server communication relies on the Windows BITS service of an infected host.

Starsload malware can set up BITS scheduled tasks that run at regular intervals. It uses these tasks to communicate with its C&C server, download other malware payloads, and even send data from an infected host back to the server.

Apart from leveraging BITS for communications, sLoad also relies on the PowerShell scripting language for its “fileless execution” mode, in which the malware runs entirely in RAM without using the disk.
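Because every stage described above runs through BITS, the BITS job queue and the BITS client event log are the places to look on a suspect host. The following PowerShell triage script is an added example, not code from the Microsoft report or from this article; the allowlist values and the helper name `Test-ExpectedHost` are assumptions to adapt to your environment.

```powershell
# Added example, not Microsoft's tooling. Run elevated so -AllUsers works.
# Assumption: site-specific allowlist of host suffixes expected to use BITS (constructed).
$ExpectedHostSuffixes = @('.windowsupdate.com', '.microsoft.com')

# Hypothetical helper: true when the URL's host ends with an allowlisted suffix.
function Test-ExpectedHost {
    param([string]$Url, [string[]]$Suffixes)
    $uri = $null
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        return $false   # unparsable remote name: treat as unexpected
    }
    $hostName = '.' + $uri.Host.ToLowerInvariant()
    foreach ($suffix in $Suffixes) {
        if ($hostName.EndsWith($suffix)) { return $true }
    }
    return $false
}

# 1. Jobs currently in the BITS queue, for every user on the host.
$findings = foreach ($job in (Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue)) {
    foreach ($file in $job.FileList) {
        $reasons = @()
        if ($job.TransferType -ne 'Download') {
            $reasons += 'upload job (data leaves the host)'
        }
        if (-not (Test-ExpectedHost -Url $file.RemoteName -Suffixes $ExpectedHostSuffixes)) {
            $reasons += 'remote host not on allowlist'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Created = $job.CreationTime
                Owner   = $job.OwnerAccount
                Job     = $job.DisplayName
                Type    = $job.TransferType
                State   = $job.JobState
                Remote  = $file.RemoteName
                Local   = $file.LocalName
                Why     = $reasons -join '; '
            }
        }
    }
}
$findings | Sort-Object Created | Format-List

# 2. Finished jobs leave the queue, so also read the BITS client log.
#    Event ID 59 is written when a job starts transferring and includes the URL.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Bits-Client/Operational'; Id = 59
} -MaxEvents 200 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List
```

A flagged job is a lead rather than a verdict: legitimate software outside the allowlist also uses BITS, so review the owner account, remote host and local path together.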

Slight changes in operation


Sujit Magar, a malware analyst on the Microsoft Defender ATP Research Team, says that there aren’t many changes in sLoad 2.0.

The new additions are the use of WSF scripts instead of VB scripts during the infection process, a mechanism to check whether malware analysts are analyzing the code, and the rollout of a system that tracks the stages of a sLoad infection.
