The Dyre malware tool, which has emerged as one of the most significant banking Trojans since the takedown of the Gameover Zeus botnet in June 2014, has added an effective new trick for avoiding detection by anti-malware tools. Security researchers at Seculert recently discovered a new version of Dyre that evades sandbox detection tools by checking how many processor cores the machine has. If it finds that the machine has just one core, it immediately terminates on the infected system before it can be spotted.

A security sandbox is a secure virtualized environment for executing unfamiliar or untrusted code to see whether it contains any malware. Several security tools currently available offer sandboxing as a technique for detecting and blocking malicious code.
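One way a sandbox operator could triage for the behaviour described above, as an added example that is not code from this advisory or from Seculert: flag samples that query processor information on a single-core guest and then exit almost immediately, so they can be re-run on a multi-core guest. The trace format, sample names and the 2-second threshold are assumptions; the API names are real Windows calls that expose the processor count, but the advisory does not say which one Dyre uses.

```python
# Added example: triage heuristic over constructed sandbox API traces.
# Trace format, sample names and the 2-second threshold are assumptions.
CPU_QUERY_APIS = {"GetSystemInfo", "GetNativeSystemInfo", "NtQuerySystemInformation"}
EXIT_APIS = {"ExitProcess", "TerminateProcess", "NtTerminateProcess"}
ACTIVITY_APIS = {"connect", "InternetOpenUrlA", "CreateFileW", "RegSetValueExW"}


def early_exit_after_cpu_query(trace, guest_cores, max_gap=2.0):
    """True if the sample read CPU info on a one-core guest and then exited
    within max_gap seconds without any file, registry or network activity."""
    if guest_cores != 1:
        return False  # a core-count check would not explain an exit here
    query_time = None
    for ts, api in sorted(trace):
        if query_time is None:
            if api in CPU_QUERY_APIS:
                query_time = ts
            continue
        if api in ACTIVITY_APIS:
            return False  # the sample went on to do real work
        if api in EXIT_APIS:
            return ts - query_time <= max_gap
    return False  # never queried the CPU, or never exited


# Constructed traces: (seconds since start, API name) per analysed sample.
SAMPLES = {
    "sample_a": {"cores": 1, "trace": [(0.1, "GetSystemInfo"), (0.2, "ExitProcess")]},
    "sample_b": {"cores": 1, "trace": [(0.1, "GetSystemInfo"), (0.5, "connect"),
                                       (30.0, "ExitProcess")]},
    "sample_c": {"cores": 4, "trace": [(0.1, "GetSystemInfo"), (0.2, "ExitProcess")]},
    "sample_d": {"cores": 1, "trace": [(0.1, "GetSystemInfo"), (45.0, "ExitProcess")]},
}


def needs_multicore_rerun(samples):
    """Names of samples whose 'clean' verdict should not be trusted yet."""
    return sorted(
        name for name, s in samples.items()
        if early_exit_after_cpu_query(s["trace"], s["cores"])
    )


if __name__ == "__main__":
    print(needs_multicore_rerun(SAMPLES))
```

A hit is not a verdict of malice, since benign programs also read the processor count; it only marks an analysis run whose early exit may have hidden the sample's real behaviour.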
The information provided herein is on an "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street