
Trend Micro has obtained samples of malware implicated in a recent incident that forced the Israeli police department offline. According to media reports, the severity of the attack was enough for all police computers to be taken temporarily offline last Thursday.

The attack began with a spammed message purporting to come from the head of the Israel Defense Forces, Benny Gantz. The From field contained the email address bennygantz59(at) and the message bore the subject "IDF strikes militants in Gaza Strip following rocket barrage" to make it appear more legitimate.

When unsuspecting recipients open the email, they find a .RAR file attachment, which leads to the backdoor detected by Trend Micro as BKDR_XTRAT.B. Examination of the e-mail headers suggests that the target was within the Israeli Customs agency.
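A mail-gateway triage rule for the lure described above, added here as an example and not code from Trend Micro: it flags a message whose display name impersonates an official while the sender domain is not one of that official's genuine domains, and which carries an archive attachment (by extension or by the RAR file signature). The watchlist, allowlist, addresses and message content are all constructed for this example.

```python
"""Triage rule for the lure described above: impersonated official in the
display name, sender domain outside the official's domains, archive attached."""
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical watchlist and allowlist, constructed for this example.
VIP_NAMES = {"gantz", "idf"}
OFFICIAL_DOMAINS = {"idf.example"}
ARCHIVE_EXT = (".rar", ".zip", ".7z")
RAR_MAGIC = b"Rar!\x1a\x07"  # RAR signature; both RAR4 and RAR5 archives begin with these bytes


def triage(raw: bytes) -> dict:
    """Parse one raw RFC 5322 message and return the findings for it."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    findings, attachments = [], []
    if any(tok in VIP_NAMES for tok in display.lower().split()) and domain not in OFFICIAL_DOMAINS:
        findings.append("official's name in display name but sender domain is not official")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body text or the multipart container, not an attachment
        attachments.append(name)
        data = part.get_payload(decode=True) or b""
        # Check the content signature too, so a renamed archive is still caught.
        if name.lower().endswith(ARCHIVE_EXT) or data.startswith(RAR_MAGIC):
            findings.append(f"archive attachment: {name}")
    return {"from": addr, "subject": str(msg.get("Subject", "")),
            "attachments": attachments, "findings": findings,
            "suspicious": len(findings) >= 2}


def build_sample(from_hdr: str, attach_rar: bool) -> bytes:
    """Constructed message resembling the reported lure (all addresses are placeholders)."""
    m = EmailMessage()
    m["From"] = from_hdr
    m["To"] = "officer@customs.example"
    m["Subject"] = "IDF strikes militants in Gaza Strip following rocket barrage"
    m.set_content("See the attached report.")
    if attach_rar:  # a dummy archive: RAR signature followed by padding, not a real archive
        m.add_attachment(RAR_MAGIC + b"\x00" * 24, maintype="application",
                         subtype="vnd.rar", filename="report.rar")
    return m.as_bytes()


if __name__ == "__main__":
    lure = triage(build_sample('"Benny Gantz" <bennygantz59@webmail.example>', True))
    benign = triage(build_sample('"Press Office" <press@idf.example>', False))
    print(lure["suspicious"], lure["findings"])      # True, two findings
    print(benign["suspicious"], benign["findings"])  # False, []
```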

Based on our analysis, this backdoor is an Xtreme remote access Trojan (RAT) that, like all RATs, can be used to steal information and receive commands from a remote attacker. The Xtreme RAT appears to have been used in previous attacks targeting Syrian anti-government activists. In addition to the standard features that are common to every RAT, the newest Xtreme RAT version also has the following features:

• Windows 8 compatibility
• improved audio and desktop capture capabilities
• improved Chrome and Firefox password grabbing; it can also grab passwords from Opera and Safari
• free updates from the developer

In the past, Trend Micro has reported various incidents where cybercriminals employed the web to launch attacks and/or used political issues as social engineering tactics:

We’ve also reported on other RATs like Poison Ivy and PlugX earlier:

Trend Micro Smart Protection Network protects users from this threat by detecting the spammed message and the malicious file.



© Copyright 2013 Trend Micro Inc. All rights reserved.