Free tool detects Poison Ivy infections

FireEye : 22 August, 2013  (New Product)
FireEye releases report demonstrating resurgence of Poison Ivy eight years on from its creation and releases free tool for assessing possible infections

FireEye has announced the release of a report titled, “Poison Ivy: Assessing Damage and Extracting Intelligence,” that highlights the resurgence of Poison Ivy, a malware Remote Access Tool (RAT) that has remained popular and effective eight years after its original release—attacking dozens of Fortune 1000 firms. In conjunction with the research, FireEye is also releasing Calamine, a set of free tools to help organizations detect possible Poison Ivy infections.

“Remote access tools may be the hacker’s equivalent of training wheels,” said Darien Kindlund, manager of threat intelligence at FireEye. “But dismissing this common breed of malware could be a costly mistake. Despite their reputation as a software toy for novice attackers — RATs remain a linchpin of many sophisticated cyber attacks and are used by numerous threat actors. Today, we see hundreds of attacks using Poison Ivy targeting very high profile enterprises.”

Poison Ivy has been used in several high-profile malware campaigns, most famously, the 2011 compromise of RSA SecurID data. In the same year, Poison Ivy powered a coordinated attack dubbed “Nitro” against chemical makers, government offices, defense firms, and human rights groups.

The FireEye report identifies several ongoing nation-state threat actors currently using Poison Ivy, including:

* admin@338: Active since 2008, this actor mostly targets the financial services industry. FireEye has also observed activity from this actor in telecom, government, and defense sectors.

* th3bug: First detected in 2009, FireEye has observed this actor targeting a number of industries, primarily higher education and healthcare.

* menuPass: Also first detected in 2009, FireEye research suggests that this actor targets U.S. and overseas defense contractors.

With the Calamine package, security professionals can identify telltale indicators of a Poison Ivy attack – including the attacker’s Poison Ivy process mutex and password, decoded command and control traffic to identify exfiltration/lateral movement, and a timeline of Poison Ivy malware activity. The FireEye report explains how Calamine can connect these and other facets of the attack.

This evidence is especially useful when it is correlated across multiple attacks that display the same identifying features. Combining these granular details with big-picture intelligence can help profile threat actors and enhance IT defences.
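One way to perform the correlation described above, written here as an added example and not taken from Calamine or FireEye: each incident record carries the three identifying features the article names (process mutex, password, decoded C2 host), incidents are linked when they share any of them, and transitive links are collapsed with a union-find so that one cluster approximates one operator. Every indicator value below is a constructed placeholder, not a real Poison Ivy artifact.

```python
from itertools import combinations
from typing import Dict, List, Set

# Constructed sample records (placeholders, not real indicators). Each holds the
# identifying features recovered from one compromised host: the RAT's process
# mutex, the operator's password and the decoded command-and-control host.
INCIDENTS = [
    {"id": "inc-1", "mutex": "MUTEX_A", "password": "pw-alpha", "c2": "c2-one.example"},
    {"id": "inc-2", "mutex": "MUTEX_B", "password": "pw-alpha", "c2": "c2-two.example"},
    {"id": "inc-3", "mutex": "MUTEX_C", "password": "pw-beta",  "c2": "c2-two.example"},
    {"id": "inc-4", "mutex": "MUTEX_D", "password": "pw-gamma", "c2": "c2-three.example"},
]

INDICATOR_FIELDS = ("mutex", "password", "c2")


def shared_indicators(a: dict, b: dict) -> Set[str]:
    """Return the indicator fields on which two incidents agree."""
    return {f for f in INDICATOR_FIELDS if a[f] == b[f]}


def cluster_incidents(incidents: List[dict]) -> List[Set[str]]:
    """Group incidents transitively by any shared indicator (union-find).

    With the sample data, inc-1 and inc-2 share a password and inc-2 and inc-3
    share a C2 host, so all three land in one cluster; inc-4 shares nothing.
    """
    parent: Dict[str, str] = {i["id"]: i["id"] for i in incidents}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps the tree shallow
            x = parent[x]
        return x

    for a, b in combinations(incidents, 2):
        if shared_indicators(a, b):
            parent[find(a["id"])] = find(b["id"])

    clusters: Dict[str, Set[str]] = {}
    for i in incidents:
        clusters.setdefault(find(i["id"]), set()).add(i["id"])
    return sorted(clusters.values(), key=lambda s: sorted(s))


if __name__ == "__main__":
    for group in cluster_incidents(INCIDENTS):
        print(sorted(group))
```

A feature that is a tool default rather than operator-chosen (for instance a password left unchanged from the builder) links unrelated operators, so in practice each indicator type should be weighted by how specific it is before clusters are treated as actor profiles.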
