The folks over at philosecurity.org posted a revealing interview with Matt Knox, an ex-adware designer/creator for Direct Revenue. Check out the following snippet:
So we’ve progressed now from having just a Registry key entry, to having an executable, to having a randomly-named executable, to having an executable which is shuffled around a little bit on each machine, to one that’s encrypted – really more just obfuscated – to an executable that doesn’t even run as an executable. It runs merely as a series of threads.