New Adwind RAT Campaign with Zero AV Detection Targets Businesses in Denmark

Danish cyber-security firm Heimdal Security has detected a wave of spam email delivering malicious attachments laced with versions of the Adwind RAT (Remote Access Trojan).

The campaign took place over the weekend and according to Heimdal Security experts, it only targeted Danish companies.

Regardless of its initial scope, all spam emails were written in English, so an expansion to other countries may not take more than the push of a button somewhere in the crook's control panel.

Heimdal says the spam emails came with a file attachment named Doc-[Number].jar. A quick scan on VirusTotal reveals that no antivirus engines were able to detect the file as malicious, even though it contained the Adwind RAT, a four-year-old malware family.
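Because the attachment name pattern and file type are the only indicators the report gives, the practical defensive check is at the mail gateway: flag Java archive attachments before they reach a user who can double-click them. The following is an added example, not code from Heimdal Security or from the article, using Python's standard `email` library. The `Doc-<number>.jar` naming pattern comes from the report; the sample message, sender and recipient addresses are constructed here for illustration.

```python
import email
import re
from email.message import EmailMessage
from email.policy import default

# Attachment naming pattern reported for this campaign: Doc-[Number].jar
CAMPAIGN_NAME_RE = re.compile(r"^Doc-\d+\.jar$", re.IGNORECASE)

# A Java archive is a ZIP container; a genuine .jar starts with the ZIP
# local-file-header magic, which is what the JRE needs to run it.
ZIP_MAGIC = b"PK\x03\x04"


def inspect_attachments(raw_message: bytes) -> list:
    """Walk a MIME message and return one finding per .jar attachment.

    Each finding carries the filename, payload size and a list of reason
    tokens a gateway policy can act on (quarantine, strip, alert).
    """
    msg = email.message_from_bytes(raw_message, policy=default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # endswith() also catches double extensions such as Invoice.pdf.jar
        if not name.lower().endswith(".jar"):
            continue
        reasons = ["jar-attachment"]
        if CAMPAIGN_NAME_RE.match(name):
            reasons.append("campaign-name-pattern")
        if payload.startswith(ZIP_MAGIC):
            # Structurally valid archive: this one would actually execute.
            reasons.append("valid-zip-container")
        findings.append({"filename": name, "size": len(payload), "reasons": reasons})
    return findings


def build_sample(filename: str, payload: bytes,
                 maintype: str = "application", subtype: str = "octet-stream") -> bytes:
    """Build a constructed test message with a single attachment (not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"      # constructed address
    msg["To"] = "finance@example.invalid"       # constructed address
    msg["Subject"] = "Document"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(payload, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    # Constructed sample resembling the reported lure: a ZIP-structured .jar named Doc-<number>.jar
    lure = build_sample("Doc-48213.jar", ZIP_MAGIC + b"\x00" * 64, "application", "java-archive")
    for finding in inspect_attachments(lure):
        print(finding)
    # A plain PDF attachment produces no finding
    print(inspect_attachments(build_sample("report.pdf", b"%PDF-1.4\n", "application", "pdf")))
```

The check keys on the attachment type rather than on a signature, which is the point the VirusTotal result makes: a policy that blocks or quarantines `.jar` attachments outright does not depend on any engine having seen this particular sample.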

Adwind first appeared on the market bearing the name of Frutas RAT (January 2012) and rebranded several times as Unrecom RAT (February 2014), AlienSpy (October 2014), and most recently as JSocket RAT (June 2015). Most security firms still call it Adwind, the name under which it claimed the most victims.

A Kaspersky report released in February 2016, after authorities managed to shut down the crook's operation, revealed that the group behind this malware sold their toolkit to 1,800 other criminals, who then infected over 443,000 victims.

Crooks were delivering their malware in order to infect computers belonging to Danish companies.

The Adwind RAT would then open a backdoor on these infected systems and allow the crooks to take over devices, search for sensitive information and then exfiltrate it via various channels.

All computers were also added to a global botnet, which the malware's operator could have used to send spam or launch DDoS attacks if he wanted. Heimdal's team detected over eleven C&C servers used in this latest campaign.

"Online criminals seem to be turning their attention to more targeted attacks that require a smaller infrastructure to carry out. This means less resources put into building infrastructure and a potentially bigger return on investment because of the targeted nature of the strike," Heimdal's Andra Zaharia explains.

"Avoiding large-scale campaigns also means they have a higher chance of going undetected. This gives them more time to sit on the infected systems and extract more data from them."
