SECURITY FIRM Fireeye has discovered that the notorious Poison Ivy Trojan, which was famously used to attack RSA's SecurID infrastructure in 2011, is still going strong after eight years and is still being used in targeted attacks.
Fireeye announced its findings in a report entitled "Poison Ivy: Assessing Damage and Extracting Intelligence" on Wednesday, saying that the remote access tool (RAT) is not being blocked and is still favoured by some hackers.
"Remote access tools may be the hacker's equivalent of training wheels," said Fireeye manager of threat intelligence Darien Kindlund in a blog post. "But dismissing this common breed of malware could be a costly mistake.
"Despite their reputation as a software toy for novice attackers, RATs remain a linchpin of many sophisticated cyber attacks and are used by numerous threat actors."
Kindlund said that Fireeye today sees hundreds of attacks using Poison Ivy against very high profile enterprises. That is worrying because the RAT has been used in several high profile malware campaigns, most famously the 2011 compromise of RSA SecurID data.
In the same year, Poison Ivy powered a coordinated attack dubbed "Nitro" against chemical makers, government offices, defense firms, and human rights groups.
Fireeye's report also details ongoing nation-state threat actors that take advantage of Poison Ivy, namely: "admin@338", which targets the financial services industry; "th3bug", which targets the higher education and healthcare industries; and "menuPass", which targets US and overseas defense contractors.
The security firm has released a set of tools named Calamine to help organisations detect possible Poison Ivy infections.
"With the Calamine package, security professionals can identify telltale indicators of a Poison Ivy attack, including the attacker's Poison Ivy process mutex and password, decoded command and control traffic to identify exfiltration, lateral movement, and a timeline of Poison Ivy malware activity," Fireeye said.
"Calamine may not stop determined attackers that use Poison Ivy, but it can make their criminal endeavors that much more difficult."