Trend Micro Detects Latest APT Called IXESHE
According to Trend Micro, a new APT (advanced persistent threat) campaign named IXESHE is ongoing; it hijacks servers inside enterprise networks and uses them as its C&C (command-and-control) systems.
The technique reportedly lets the IXESHE attackers remain concealed, obfuscating their operations by blending them into the legitimate data of enterprise users. Typical victims include a telecom company based in Germany, electronics manufacturers, and East Asian governments, says Trend Micro.
Tom Kellermann, Vice-President of Cyber-Security at Trend Micro, states that what sets IXESHE apart is the attackers' ability to move the C&C around within the target organization's network. Infosecurity-magazine.com published this on June 6, 2012.
Kellermann further explains that rather than reverting to a fixed C&C, the attackers update the C&C on a manual sleep-cycle procedure, at long intervals.
IXESHE's main way into victims' computers is through malicious PDF files that exploit vulnerabilities in Adobe Reader, Acrobat or Flash Player, namely CVE-2009-4324, CVE-2011-0609, CVE-2009-0927 and CVE-2011-0611. An exploit targeting Microsoft Excel, CVE-2009-3129, has also been detected.
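Because the initial access described above arrives as a document attachment, a mail gateway or analyst can triage PDFs statically before they ever reach Adobe Reader. The script below is an added example written for this page, not Trend Micro's tooling and not tied to any specific IXESHE sample: it counts the PDF name objects that exploit-carrying documents typically rely on (auto-run actions, embedded JavaScript, launch actions, embedded files or rich media such as Flash) and also decodes `#xx` hex escapes in names, so that an obfuscated `/J#61vaScript` is recognised as `/JavaScript`. The two PDF byte strings are constructed, inert samples; the thresholds and marker list are the author's assumptions, not a published rule set.

```python
"""Static triage of PDF attachments for markers commonly used by
document-borne exploits (added example; not the article's or Trend Micro's code)."""
import re

# Name objects that a benign document rarely needs but that PDF-borne
# exploits routinely use to trigger code on open (assumed marker list).
SUSPICIOUS_NAMES = (
    "/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
    "/EmbeddedFile", "/RichMedia", "/AcroForm", "/ObjStm",
)

def normalise_names(data: bytes) -> bytes:
    """Decode #xx hex escapes inside PDF name tokens so that an obfuscated
    name such as /J#61vaScript compares equal to /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def count_markers(data: bytes, decode_hex: bool = True) -> dict:
    """Count each suspicious name object, optionally after hex-decoding."""
    text = normalise_names(data) if decode_hex else data
    counts = {}
    for name in SUSPICIOUS_NAMES:
        # Require a delimiter after the name so /JS does not also match /JSX.
        pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9])"
        counts[name] = len(re.findall(pattern, text))
    return counts

def triage(data: bytes) -> dict:
    """Return marker counts plus a verdict and the reasons behind it."""
    counts = count_markers(data)
    raw = count_markers(data, decode_hex=False)
    reasons = []
    if not data.startswith(b"%PDF-"):
        reasons.append("missing %PDF- header")
    if counts["/JavaScript"] or counts["/JS"]:
        reasons.append("embedded JavaScript")
    if counts["/OpenAction"] or counts["/AA"]:
        reasons.append("auto-run action on open")
    if counts["/Launch"]:
        reasons.append("launch action")
    if counts["/EmbeddedFile"] or counts["/RichMedia"]:
        reasons.append("embedded file or rich media (possible Flash)")
    # A marker that only appears once hex escapes are decoded was hidden on purpose.
    if any(counts[n] > raw[n] for n in SUSPICIOUS_NAMES):
        reasons.append("hex-escaped suspicious name objects (obfuscation)")
    return {"counts": counts, "suspicious": bool(reasons), "reasons": reasons}

# Constructed samples: a minimal benign PDF and an inert document that
# carries an auto-run action pointing at an obfuscated JavaScript object.
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
trailer << /Root 1 0 R >>
%%EOF"""

SUSPICIOUS_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /S /J#61vaScript /JS (placeholder) >> endobj
trailer << /Root 1 0 R >>
%%EOF"""

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_PDF), ("suspicious", SUSPICIOUS_PDF)):
        print(label, triage(sample))
```

This is a first-pass filter, not a verdict: a document that passes it can still carry a malformed font or image stream that trips a parser bug, so it belongs in front of sandbox detonation and patching of the reader, not in place of them.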
The campaign has reportedly been carrying out targeted attacks since 2009. To keep track of their operations, the attackers embed a "campaign label" in the IXESHE malware, which apparently records when an attack was launched and, occasionally, characteristics of the target. Trend Micro researchers have found more than forty such campaign labels.
According to the security company, once the IXESHE malware has compromised and taken full control of a target computer, the attackers can carry out numerous harmful activities: listing every drive, process and service; stopping any service or process; downloading and uploading files; starting services and processes; collecting the domain name and machine name of the compromised computer; harvesting the victim's username; and downloading and running arbitrary files, among others.
Trend Micro concludes that while IXESHE's operators have kept their identities hidden, they have demonstrated capability and determination, using malware that is quite simple yet highly effective.
Related article: Trend Micro Detects Spam Mail Declaring World War III
» SPAMfighter News - 15-06-2012