NanoCore Trojan is protected in memory from being killed off

The NanoCore Remote Access Trojan (RAT) is being spread through malicious documents and uses an interesting technique to keep its process running and prevent victims from manually killing the system, researchers say.

The cybersecurity team from Fortinet recently captured a sample relating to the spread of NanoCore RAT in the form of a malicious Microsoft Word document.

Developed in the .Net framework under an author known as “Taylor Huddleston,” the Trojan has landed its operator in jail for peddling the malware on underground forums.

While the Arkansas man is due to serve close to three years in prison, his legacy continues on in the wild without his influence.

Read more…
Source: ZDNet