{"id":2431,"date":"2013-02-07T00:00:00","date_gmt":"2013-02-07T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/02\/07\/new-malware-takes-extended-naps-to-avoid-detection-the-security-ledger\/"},"modified":"2021-12-30T11:41:20","modified_gmt":"2021-12-30T11:41:20","slug":"new-malware-takes-extended-naps-to-avoid-detection-the-security-ledger","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/02\/07\/new-malware-takes-extended-naps-to-avoid-detection-the-security-ledger\/","title":{"rendered":"New Malware Takes &#8216;Extended Naps&#8217; To Avoid Detection | The Security Ledger"},"content":{"rendered":"<p>A newly discovered Trojan Horse program, dubbed Trojan Nap, is programmed to use extended sleep cycles to fool behavior-based anti-malware tools, according to a report from the firm FireEye. In a blog post Tuesday, researchers Abhishek Singh and Ali Islam said the new malware has a function, dubbed SleepEx(), that can be used to configure long \u201cnaps\u201d that the malware takes after it is installed on a compromised system. The default value, 600,000 milliseconds \u2013 or 10 minutes \u2013 seems designed to fool automated analysis systems that are programmed to capture a sample of behavior for a set time frame. \u201cBy executing a sleep call with a long timeout, Nap can prevent an automated analysis system from capturing its malicious behavior,\u201d FireEye said.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Those networks rely on domains that shift rapidly between different IP addresses, making it difficult for victims to block the source of the attack, or identify a clear pattern of malicious activity.
In the case of Nap, FireEye researchers identified systems in Latvia, Ukraine,  Taiwan, as well as Kazakhstan and Pittsburgh, Pennsylvania that were hosting Nap command and control domains.<\/p>\n<p>Using long sleep cycles is described as a \u201cclassic\u201d technique for staying under the radar for automated analysis and antivirus software. <\/p>\n<p>Link: http:\/\/securityledger.com\/new-malware-takes-extended-naps-to-avoid-detection\/<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-2431","post","type-post","status-publish","format-standard","hentry","category-warnings"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2431","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2431"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2431\/revisions"}],"predecessor-version":[{"id":4918,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2431\/revisions\/4918"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2431"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2431"},{"taxonomy":"post_tag","embeddable":true,"h
ref":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2431"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}