
Trend Micro Discovers HeartBeat APT Targeted Attack on South Korean Government

In a recently published white paper, Trend Micro describes a currently active advanced persistent threat (APT) campaign known as HeartBeat, which has been attacking South Korea's government and a few associated organizations over the Internet since 2009, if not earlier.

Specifically, the HeartBeat campaign targets political parties in South Korea, branches of its government, the armed forces, media agencies, one small-to-medium enterprise, and a research institute for national policy.

The campaign reportedly uses a remote administration tool (RAT) that came to light in June 2012 on a Korean newspaper's network. Further investigation revealed that the first variant of this RAT surfaced in November 2009 and that it was used again in 2011.

The attackers distributing the RAT disguise it as an innocuous document. When it is run, a genuine document opens to dispel any suspicion, while the malware's malicious activity proceeds in the background.

Although the document's distribution method is not yet definitely known, security researchers believe spear-phishing e-mails are the likely channel.

Intriguingly, the RAT acts as a kind of installer: it drops a Dynamic Link Library (.DLL) file, which is then injected into svchost.exe, a legitimate Windows process. The injected component then contacts the malware's command-and-control (C&C) server to confirm the infection and to receive remote commands.
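The infection chain described above, a dropped DLL injected into the legitimate svchost.exe process that then calls home, is a pattern a defender can look for in endpoint telemetry. The following is an added example, not code from the article or from Trend Micro's report: a small triage filter that flags svchost.exe instances loading images from outside the Windows system directories, svchost.exe instances not started by services.exe, and outbound connections from an instance already flagged. The event format, the rule names R1 to R3, the directory list and the sample log are all constructed assumptions modelled loosely on Sysmon-style process, image-load and network events.

```python
"""Added example, not code from the SPAMfighter article or Trend Micro's
report: a small triage filter for the infection pattern described above, a
dropped DLL injected into the legitimate svchost.exe process that then talks
to a command-and-control server.

The event records, the rule names (R1-R3) and the sample log are constructed
assumptions modelled loosely on Sysmon-style telemetry; they show what a
defender would look for, not how the malware works internally.
"""

# Directories where the genuine svchost.exe and its service DLLs live
# (assumption: a default Windows install on drive C:).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Legitimate svchost.exe instances are started by the Service Control Manager.
EXPECTED_SVCHOST_PARENT = "\\services.exe"


def _is_svchost(path: str) -> bool:
    return path.lower().endswith("\\svchost.exe")


def _in_system_dir(path: str) -> bool:
    lowered = path.lower()
    return any(lowered.startswith(d) for d in SYSTEM_DIRS)


def triage(events: list[dict]) -> list[dict]:
    """Scan a chronological list of process/image/network events and return
    findings for svchost.exe instances that match the described tradecraft.

    R1  svchost.exe loads an image from outside the Windows system directories
        (the dropped DLL being injected into the host process).
    R2  svchost.exe is started by something other than services.exe
        (e.g. launched from the decoy-document viewer rather than the SCM).
    R3  an svchost.exe already flagged by R1 or R2 opens an outbound
        connection (the injected component reporting in to its C&C server).
    Network activity from an unflagged svchost.exe is normal and is ignored.
    """
    flagged_pids: set[int] = set()
    findings: list[dict] = []
    for ev in events:
        if not _is_svchost(ev.get("image", "")):
            continue
        pid = ev["pid"]
        kind = ev["type"]
        if kind == "image_load" and not _in_system_dir(ev["loaded"]):
            flagged_pids.add(pid)
            findings.append({"rule": "R1", "pid": pid, "detail": ev["loaded"]})
        elif kind == "process_create" and not ev["parent"].lower().endswith(EXPECTED_SVCHOST_PARENT):
            flagged_pids.add(pid)
            findings.append({"rule": "R2", "pid": pid, "detail": ev["parent"]})
        elif kind == "net_connect" and pid in flagged_pids:
            findings.append({"rule": "R3", "pid": pid, "detail": ev["dest"]})
    return findings


# Constructed sample telemetry (not real indicators): one clean svchost.exe
# (pid 3300), one that loads a DLL from a user temp directory and then beacons
# out (pid 1204), and one started by a document viewer instead of services.exe
# (pid 2210). Addresses are from the documentation ranges (TEST-NET).
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 1204, "image": r"C:\Windows\System32\svchost.exe",
     "parent": r"C:\Windows\System32\services.exe"},
    {"type": "image_load", "pid": 1204, "image": r"C:\Windows\System32\svchost.exe",
     "loaded": r"C:\Windows\System32\rpcss.dll"},
    {"type": "image_load", "pid": 1204, "image": r"C:\Windows\System32\svchost.exe",
     "loaded": r"C:\Users\user\AppData\Local\Temp\dropped_example.dll"},
    {"type": "net_connect", "pid": 1204, "image": r"C:\Windows\System32\svchost.exe",
     "dest": "203.0.113.10:443"},
    {"type": "process_create", "pid": 2210, "image": r"C:\Windows\System32\svchost.exe",
     "parent": r"C:\Program Files\DocViewer\viewer.exe"},
    {"type": "process_create", "pid": 3300, "image": r"C:\Windows\System32\svchost.exe",
     "parent": r"C:\Windows\System32\services.exe"},
    {"type": "net_connect", "pid": 3300, "image": r"C:\Windows\System32\svchost.exe",
     "dest": "198.51.100.7:443"},
]


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f['rule']} pid={f['pid']} {f['detail']}")
```

Run against the sample log, the filter reports R1 and R3 for pid 1204 and R2 for pid 2210, while the clean svchost.exe (pid 3300) produces nothing even though it also connects outbound. The correlation in R3 is the point: a host process making network connections is routine, but one that does so after loading an image from a user-writable directory is what the injected-DLL-plus-C&C pattern looks like in telemetry. On a real estate the directory list and parent check would need tuning for SysWOW64, service hosts started by other means, and legitimate third-party service DLLs.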

The commands the RAT accepts include: listing running processes with their process IDs; downloading and running files; uninstalling or updating the malware; starting or terminating a process; listing fixed and removable drives; listing files with their creation dates and times; deleting or uploading files; providing remote access through a command shell; and restarting the computer.

With these commands, the attackers gain complete control of the victims' PCs.

Notably, the attackers use compromised hosts as command-and-control proxy servers, reducing the chance that the campaign is traced back to them. Further, the campaign codes used vary and contain Chinese phrases (minzhu, xuehui and guohui); however, the attackers seem more comfortable using English, Trend Micro concludes.


» SPAMfighter News - 09-01-2013
