It makes detecting Trickbot more difficult

Malware Lab's researcher Maciej Kotowicz has made an intriguing discovery that makes the Trickbot banking trojan even more of a threat. The most recent strain of the malware he looked at is sporting a new feature that allows the code to check the resolution of the screen on the machine it's running on.

If it finds the resolution to be either 800 x 600 or 1024 x 768, both of which are commonly used on the virtual machines used to examine such code, the process will terminate.

Why is this important?

This is both good news and bad. On the one hand, since most virtual machines run those resolutions, it makes detecting Trickbot a much more difficult proposition. Given that, it's a safe bet that other forms of malware will soon be utilizing the technique to help them evade detection.

On the other hand, it does mean that if your monitor is configured to use either of those resolutions, you're essentially immune to the malware because it will assume you are a virtual machine and leave you alone. Unfortunately, those are relatively poor resolution choices, and almost every modern PC is capable of running much higher (and more useful) resolutions, which makes this very much a double-edged sword.

This is definitely something you want to make sure your IT staff is aware of so they can adjust their detection strategies when searching for or investigating malware strains.
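For teams that examine samples in virtual machines, one way to act on this is to confirm that no analysis guest is set to a resolution that makes the sample quit before it shows any behavior. The script below is an added example, not part of the original post; the CSV inventory layout (columns named after the Win32_VideoController WMI properties), the host names, and the function name are assumptions.

```python
import csv
import io

# Resolutions the article says make this Trickbot strain terminate.
EVASION_TRIGGERS = {(800, 600), (1024, 768)}

# Constructed sample: one row per video adapter per analysis guest.
# The layout is an assumption, not output captured from a real system.
SAMPLE_INVENTORY = """\
Node,CurrentHorizontalResolution,CurrentVerticalResolution
SANDBOX-01,1024,768
SANDBOX-02,1920,1080
SANDBOX-03,800,600
SANDBOX-04,,
SANDBOX-04,1366,768
"""


def audit_guests(inventory_csv):
    """Return {guest: status} where status is 'flagged', 'ok' or 'unknown'."""
    seen = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        node = (row.get("Node") or "").strip()
        if not node:
            continue
        try:
            res = (int(row["CurrentHorizontalResolution"]),
                   int(row["CurrentVerticalResolution"]))
        except (KeyError, TypeError, ValueError):
            # Inactive adapters report blank values; record the guest only.
            seen.setdefault(node, [])
            continue
        seen.setdefault(node, []).append(res)

    report = {}
    for node, resolutions in seen.items():
        if not resolutions:
            report[node] = "unknown"   # no usable reading, check by hand
        elif any(r in EVASION_TRIGGERS for r in resolutions):
            report[node] = "flagged"   # sample would exit on this guest
        else:
            report[node] = "ok"
    return report


if __name__ == "__main__":
    for guest, status in sorted(audit_guests(SAMPLE_INVENTORY).items()):
        print(f"{guest}: {status}")
```

Guests reported as flagged should have their display resolution changed before samples are run on them.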

Our perspective

While it's unlikely that any company would opt to set screen resolutions enterprise-wide at one of those two resolutions, in certain specific instances, it may be a viable mitigation strategy. Even if not, though, this most recent discovery provides a valuable glimpse into the mindset and lines of thinking employed by hackers around the world. Stay vigilant. It's dangerous out there.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there!" ~

 

By Denis Wilson and Melissa Stockwell


Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

I'm Denis Wilson, President and Principal Consultant for DWP Information Architects. We build people / process / technology solutions to create better business outcomes for smaller enterprises in Los Angeles. We have created cost-effective office productivity and out-sourced service solutions for over 20 years, focusing principally on manufacturing and healthcare. Our hallmarks are reliability, cybersecurity, and regulatory compliance.

I am also a published author and speaker, working extensively with business and professional associations to provide small business technology education programs.
