McAfee experts have analyzed the threat, which seems to have used the same server since 2009

Jul 6, 2012 09:06 GMT  ·  By

Malware authors keep deploying interesting mechanisms to ensure that their creations can perform their tasks without being interrupted by antivirus or network intrusion prevention solutions. A perfect example is the Monkif botnet detailed by McAfee experts.

The researchers report that the botnet still has the same command and control server from Sweden that it used back in 2009.

However, the even more interesting thing about Monkif is the way it receives download URLs encrypted inside JPEG image files.

The malware lands on a target device posing as a web browser plugin. After it checks the running processes to see whether any of them belongs to a security product, it sends GET requests back to its server.

The response is an image file that contains the location of a malicious file that’s downloaded onto the victim device. The samples analyzed by McAfee download adware, but other threats may also be involved.
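The article does not describe how Monkif encodes the URL inside the image, so the following is an added, generic defender-side check rather than McAfee's tooling or the malware's own format: it walks the JPEG segment structure of an HTTP response that claims to be `image/jpeg`, flags any bytes appended after the End-Of-Image marker, and flags URL-like strings anywhere in the body. The sample JPEG bytes and the `example.invalid` URL are constructed for the demonstration; a real proxy or IDS hook would feed it the response's `Content-Type` header and body.

```python
"""Heuristic inspection of an HTTP response that claims to be a JPEG.

Added example (not from the article or from McAfee): reports
  (a) data appended after the JPEG End-Of-Image (EOI) marker, and
  (b) URL-like strings embedded anywhere in the body.
Both are generic indicators that an "image" is carrying instructions;
the specific Monkif encoding is not described on the page.
"""
import re
import struct
from typing import Optional

SOI = b"\xff\xd8"  # Start-Of-Image marker
EOI = b"\xff\xd9"  # End-Of-Image marker
URL_RE = re.compile(rb"https?://[\x21-\x7e]{4,}", re.IGNORECASE)


def jpeg_payload_end(data: bytes) -> Optional[int]:
    """Return the offset just past the EOI marker, or None if the file is malformed.

    Marker segments are FFxx followed by a 2-byte big-endian length that
    includes the length field itself.  After the Start-Of-Scan (SOS) segment
    the entropy-coded data follows, so from there we scan forward for FFD9.
    """
    if not data.startswith(SOI):
        return None
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return None
        marker = data[pos + 1]
        if marker == 0xFF:  # fill byte, skip it
            pos += 1
            continue
        if marker == 0xD9:  # EOI reached before any scan data
            return pos + 2
        if 0xD0 <= marker <= 0xD7 or marker == 0x01:  # RSTn / TEM have no length
            pos += 2
            continue
        if pos + 4 > len(data):
            return None
        (seg_len,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if seg_len < 2:
            return None
        pos += 2 + seg_len
        if marker == 0xDA:  # SOS: entropy-coded data runs until EOI
            idx = pos
            while True:
                idx = data.find(b"\xff", idx)
                if idx < 0 or idx + 1 >= len(data):
                    return None
                if data[idx + 1] == 0xD9:
                    return idx + 2
                idx += 1
    return None


def inspect_image_response(content_type: str, body: bytes) -> dict:
    """Classify a response as suspicious if it is not a plain, well-formed JPEG."""
    findings = []
    if content_type.split(";")[0].strip().lower() != "image/jpeg":
        findings.append("content-type is not image/jpeg")
    end = jpeg_payload_end(body)
    if end is None:
        findings.append("body is not a well-formed JPEG")
    elif end < len(body):
        findings.append(f"{len(body) - end} bytes appended after EOI marker")
    urls = [m.decode("ascii", "replace") for m in URL_RE.findall(body)]
    if urls:
        findings.append(f"URL-like strings embedded: {urls}")
    return {"suspicious": bool(findings), "findings": findings, "embedded_urls": urls}


def minimal_jpeg() -> bytes:
    """Constructed minimal JPEG: SOI, JFIF APP0 segment, SOS header, scan data, EOI."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\x56\x78"
    return SOI + app0 + sos + scan + EOI


# Constructed samples: a clean image and one with a URL appended after EOI.
CLEAN_BODY = minimal_jpeg()
TAMPERED_BODY = CLEAN_BODY + b"\x00http://example.invalid/update.bin"

if __name__ == "__main__":
    for label, body in (("clean", CLEAN_BODY), ("tampered", TAMPERED_BODY)):
        print(label, inspect_image_response("image/jpeg", body))
```

The trailing-data check is cheap and catches the crude "append the payload after FFD9" trick; a URL hidden inside a legitimate segment (an APP or COM segment, or scattered through scan data as the article's "encrypted" wording suggests) needs the second check or a per-segment look, which is why the URL scan runs over the whole body and not only the appended tail.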