May 30, 2016
After lying dormant for around nine years, new versions of the Bayrob trojan have surfaced, and security researchers say its operators have kept up with the times and updated their malicious code with new features.
Security experts first stumbled upon Bayrob in the spring of 2007 and saw the last big campaign employing this trojan in the fall of the same year.
Ever since then, the trojan never resurfaced in infections with enough numbers to trigger alerts with any security company. Or at least not until last winter, and then two weeks ago, when new versions of this ancient threat started reappearing on some companies’ radars.
Bayrob resurfaces with a new look
Initial descriptions categorized this malware as a trojan horse that sets up a proxy server in order to steal sensitive information from compromised computers.
These recent versions didn’t change that much but only added small tweaks here and there, mainly to make reverse engineering harder and to avoid detection on infected targets.
The new versions of Bayrob now clone themselves in order to launch multiple processes, each tasked with its own malicious routine.