Cyber-Criminals Using Codes/Methodologies Typical in APT Assaults, Says Sophos

One new threat scam, which Sophos the security company has named "Rotten Tomato," indicates how ordinary hackers currently use codes and methodologies that are typical of APT (advanced persistent threat) scams. Infosecurity-magazine.com reported this dated November 7, 2014.

Sophos' label for the assault gets the name from an earlier campaign called 'Tomato Garden' wherein many separate hacker cabals utilized the identical 0-day vulnerability in Microsoft Word; however, the current instance is different in that a few samples haven't been effectively executed hence they're 'rotten.'

The attackers haven't just utilized the long prevalent CVE-2012-0158 security flaw, nevertheless, have utilized the more recent CVE-2014-1761 vulnerability too, abusing these for planting the Zbot Trojan.

According to Gabor Szappanos, Researcher with SophosLabs, Rotten Tomato represents one true personalized attack campaign, executed across Russia, during most of the instances. Infosecurity-magazine.com reported this dated November 7, 2014.

Rotten Tomato, which belongs to the Plugx malware group, was created to be one dual weapon assault where though, one weapon proved unsuccessful. Despite that, there still is real threat from the malware even as it raises the possibility of contamination inside computers within which previous flaws are already patched, stresses the security company.

Szappanos has been watching Plugx since the last 2-yrs and based on this malware variants' evolution during that period, the researcher lately issued one study paper, which explains the details of the campaign, and thereby reports how plentiful variants had been noticed which exploited the security flaws referred to above.

In addition, Szappanos states that these malware developers happen to be highly active APT gangs and they've been executing several personalized assaults which probably enjoyed the China government's backing. Scmagazime.com published this dated November 3, 2014.

According to the researcher, a variant called SHA1: c3a7cb43ec13299b758cb8ca25eace71329939f7 features one encoded Zbot sample3 prefixed to the RTF, while he bets the various malware developers utilized the variant like a template.

Szappanos further observes that while ordinary developers of malicious software copy APTs more and more, the fine line that separates ordinary malware assaults and APTs is getting more difficult for outlining. SCMagazineUK.com published this dated November 5, 2014.

» SPAMfighter News - 11/19/2014