Andromeda is a well-known modular botnet that has been around for several years. It is popular in the underground cybercrime market and exists in many variants, each using a different RC4 key to encrypt and decrypt its network packets.
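Because RC4 is a symmetric stream cipher, the same routine both encrypts and decrypts a packet, and telling variants apart comes down to which key turns a captured payload back into readable data. The following is an added example, not Andromeda's own code or Fortinet's: a plain RC4 implementation (KSA plus PRGA) and a sweep over a list of candidate keys that returns the first key whose output looks like text. The candidate keys, the sample plaintext and the sample packet are all constructed here for illustration; they are not real Andromeda keys or traffic, and the "printable ASCII" heuristic is an assumption about what a decrypted beacon looks like, not a description of the real protocol.

```python
from typing import Iterable, Optional

# Added example (not Andromeda's or Fortinet's code): RC4 as a symmetric
# packet cipher, plus a candidate-key sweep. Keys and the sample packet
# below are constructed for illustration only.


def rc4(key: bytes, data: bytes) -> bytes:
    """XOR data with the RC4 keystream; encryption and decryption are the same operation."""
    # Key-scheduling algorithm (KSA): permute S based on the key.
    S = list(range(256))
    j = 0
    klen = len(key)
    for i in range(256):
        j = (j + S[i] + key[i % klen]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm (PRGA): emit one keystream byte per input byte.
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def looks_like_text(buf: bytes) -> bool:
    """Heuristic (an assumption for this example): printable ASCII plus whitespace only."""
    return len(buf) > 0 and all(32 <= b < 127 or b in b"\r\n\t" for b in buf)


def find_key(packet: bytes, candidates: Iterable[bytes]) -> Optional[bytes]:
    """Return the first candidate key whose RC4 decryption of packet looks like text."""
    for key in candidates:
        if looks_like_text(rc4(key, packet)):
            return key
    return None


# Constructed sample data: hypothetical per-variant keys and a hypothetical
# beacon body. None of this is real Andromeda material.
CANDIDATE_KEYS = [b"variant-a-key", b"variant-b-key", b"variant-c-key"]
SAMPLE_PLAINTEXT = b"version=2.08 example beacon (constructed)"
SAMPLE_PACKET = rc4(b"variant-b-key", SAMPLE_PLAINTEXT)

if __name__ == "__main__":
    key = find_key(SAMPLE_PACKET, CANDIDATE_KEYS)
    print("matched key:", key)
    print("plaintext:", rc4(key, SAMPLE_PACKET) if key else None)
```

The sweep is linear in the number of candidate keys; in practice the candidate list would come from keys pulled out of unpacked samples, and the plausibility check would be replaced by whatever structure the real decrypted traffic actually has.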
Since the beginning of 2014, the version number visible in its network traffic has changed to 2.08. This new version is very similar to the previous version, 2.07.
The main difference lies at the beginning of the code, which holds Andromeda's anti-analysis tricks. Most malware now employs anti-analysis techniques to make its code harder for security researchers to analyze.
In this blog post, we compare the anti-analysis tricks in 2.08 with those in the previous version, 2.07.
More here: http://blog.fortinet.com/New-Anti-Analysis-Tricks-In-Andromeda-2-08/