IT Support in Los Angeles: New Tactics Used by Malware to Avoid Detection

Those intent on spreading malware are always looking for tactics to avoid detection, and their strategies are more sophisticated than ever. One new piece of adware, DealPly, illustrates the latest of these techniques: it actively works to avoid antivirus detection, according to the experts on IT support Los Angeles companies trust. It's something business owners need to be aware of.

What is DealPly?

DealPly is a new form of adware. It usually comes bundled with software installation programs such as photo cropping software.

The adware gets inserted into the Windows AppData directory. This makes it more difficult for antivirus programs to find. It also adds an entry to the Windows Task Scheduler, so it runs every hour.

When the adware runs each hour, it first contacts its command-and-control (C2) server and requests instructions. It also runs a routine to detect whether reputation services have blacklisted the malware's URLs. This helps the malware stay ahead of detection and blocking.
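One defensive check that follows from the persistence described above is to enumerate Scheduled Tasks whose action runs from the AppData directory on a repeating trigger. This is an added example, not code from the original post or from DCG; the 60-minute threshold is an assumed default, and the `\AppData\` path pattern is taken from the directory named above.

```powershell
# Added example (not from the original post): audit Scheduled Tasks for an action that
# runs from the user's AppData directory on a repeating (e.g. hourly) trigger.
# Requires the built-in ScheduledTasks module (Windows 8 / Server 2012 and later).
function Find-SuspiciousAppDataTasks {
    param(
        # Flag repetition intervals at or below this many minutes (assumed threshold)
        [int]$MaxIntervalMinutes = 60
    )
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # Only exec actions carry an Execute path; skip COM handler / email actions
            if (-not $action.Execute) { continue }
            $exe       = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
            $argString = $action.Arguments
            # Check both the executable and its arguments: a loader such as
            # rundll32 or wscript may point at a payload under AppData via arguments.
            $inAppData = ($exe -match '\\AppData\\') -or ($argString -match '\\AppData\\')
            if (-not $inAppData) { continue }

            # Repetition intervals are ISO 8601 durations such as PT1H or PT30M
            $minutes = $task.Triggers |
                Where-Object { $_.Repetition -and $_.Repetition.Interval } |
                ForEach-Object { [System.Xml.XmlConvert]::ToTimeSpan($_.Repetition.Interval).TotalMinutes }
            $repeating = @($minutes | Where-Object { $_ -le $MaxIntervalMinutes }).Count -gt 0

            $info = Get-ScheduledTaskInfo -TaskName $task.TaskName -TaskPath $task.TaskPath
            [pscustomobject]@{
                TaskName              = $task.TaskName
                TaskPath              = $task.TaskPath
                Execute               = $exe
                Arguments             = $argString
                RepeatsHourlyOrFaster = $repeating
                LastRunTime           = $info.LastRunTime
            }
        }
    }
}

# Usage: list findings with frequently repeating tasks first, then review each one
Find-SuspiciousAppDataTasks | Sort-Object RepeatsHourlyOrFaster -Descending | Format-Table -AutoSize
```

Legitimate updaters also run from AppData on schedules, so treat the output as a review list rather than a verdict, and compare any unfamiliar executable against the software actually installed on the machine.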

How Does DealPly Leverage Reputation Services to Avoid Detection?

Reputation services such as Microsoft SmartScreen work to verify which URLs are safe and which ones are risky. If adware reaches out to a malicious URL, the reputation service can flag it, giving developers and users a way to avoid spreading malware.

DealPly uses the reputation services' APIs to see if it has been detected.

Take Microsoft SmartScreen, for example. DealPly asks its central server for URLs to test. With that information, DealPly uses SmartScreen's API to query whether each URL is safe or not. It receives one of three responses:

  • UNKN: Unknown URL/File
  • MLWR: Malware-related URL/File
  • PHSH: Phishing-related URL/File

The results are sent back to the C2 server, which notes which URLs have been blacklisted. This information allows the malware's central server to assess which URLs are compromised and to generate new samples as needed to stay ahead of detection, according to IT support firms in Los Angeles.

DealPly is only one example of malware using this technique. However, it demonstrates the sophisticated techniques hackers are using to avoid detection. As detection moves to counter new techniques, hackers are going to keep innovating to avoid it.

What to Do

What can you do to keep this malware out of your network? Keep your antivirus and anti-malware software up to date. For more information or assistance in strengthening your network, contact the experts on IT support Los Angeles businesses trust with their security. Contact us at DCG Technical Solutions today.