Secuobs.com : 2012-07-20 11:50:07 - SecurityTube.Net - Earlier this week, security researchers at Kaspersky Lab and Seculert reported the presence of a cyber-espionage tool known as Madi also spelled Mahdi The malware was quickly added to a growing list of Trojans that fall under the umbrella of advanced persistent threats APTs However, there were some things about Madi that weren't very advanced at all, raising the question about just what constitutes an APT We see many attacks from 'APT' where the 'A' really isn't applicable, says Roel Schouwenberg, senior researcher at Kaspersky, who added he does not like the term APT because of the confusion it causes These attacks are persistent, but that's about it But as we can see, like with Madi, persistence by itself will still get you somewhere The Madi attacks qualify as APT, however, because they are also go after industrial designs, meaning there is IP theft, he said Once on a system, Madi is capable of not only stealing data from infected Windows machines, but also monitoring email and instant messages, recording audio, capturing keystrokes, and taking screenshots of victims' computers Researchers at Seculert and Kaspersky worked in concert to sinkhole the malware's command and control servers and monitor the campaign for eight months Their efforts uncovered a targeted attack campaign with more than 800 victims in Iran, Israel, and other countries from around the globe IMAGE
↧