Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us

    We released a new research paper describing the activities of another APT campaign, IXESHE (pronounced “i-sushi”).

    One of the most notable characteristics of the IXESHE campaign is the attackers’ use of compromised servers in target organizations as command-and-control (C&C) servers. This tactic allowed them to hide their presence by confusing their activities with data belonging to legitimate individuals. In one particular case, we saw C&C servers hosted on the compromised machines of an East Asian country, making targeted attacks against that government easier. In another case, we received an error message from a C&C server, which indicated that the front-end servers were merely acting as proxies for the actual back-end servers.

    Our research also showed that attackers utilized dynamic Domain Naming System (DNS) servers and broadly distributed external C&C servers around the world to make detection and takedowns more difficult to do.

    The IXESHE campaign has been underway since at least July 2009 when we first saw samples of this particular malware family. Its primary method of entry into user systems is via malicious .PDF files that exploit Adobe Acrobat, Reader, or Flash Player vulnerabilities. These malicious files are sent as attachments to targeted emails sent to potential victims within target organizations.

    In the process of our investigation, we were able to determine that its victims could be broadly classified into three categories:

    • East Asian governments
    • Electronics manufacturers
    • A German telecommunications company

    For further details, please consult the full paper which you can download from the Security Intelligence section of the Trend Micro website.

    Click for larger view





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice