Trojan hijacks often-used DLL file for stealthier approach

A new dropper Trojan has been detected by BitDefender researchers, and this one utilizes an interesting technique in order to hide from antivirus software installed on the compromised computer.

Instead of adding itself to the Startup list - a move that is obvious both to AV solutions and savvy users - it takes a library file ( comres.dll) commonly used by a number of popular browsers, communication apps and networking tools, copies it and changes it so that every time it is called the malware springs to life and, finally, saves it in the Windows directory folder.

read more : http://www.net-security.org/malware_news.php?id=2010