Microsoft has discovered an unusually stealthy Trojan capable of deleting files it downloads in order to keep them away from forensics investigators and researchers.
The Trojan downloader, called Win32/Nemim.gen.A
, is the latest example of how malware writers are using sophisticated techniques to protect their own trade secrets.
The Trojan essentially makes downloaded component files irrecoverable, so they cannot be isolated and analyzed.
"During analysis of the downloader, we may not easily find any downloaded component files on the system," Jonathan San Jose, a member of Microsoft's Malware Protection Center, said in a blog post
. "Even when using file recovery tools, we may see somewhat suspicious deleted file names but we may be unable to recover the correct content of the file."
Microsoft managed to grab some components as they were being downloaded from a remote server. The malware's two purposes was to infect executable files in removable drives, and to unleash a password stealer to snatch credentials from email accounts, Windows Messenger/Live Messenger, Gmail Notifier, Google Desktop and Google Talk.