command and control

In an attempt to better evade detection, cybercriminals are increasingly configuring their command and control infrastructure in such a way that initial malware callbacks communicate with a server located in the same country as the newly infected machines.
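The same-country callback described above is aimed squarely at a common detection shortcut: flagging outbound connections whose destination resolves to a foreign country. The following is an added example, not code from the original article or from any of the vendors it cites, showing why that rule misses such C2 and contrasting it with a beacon-periodicity check that does not depend on geography. The connection log, the prefix-to-country table (standing in for a real GeoIP database) and the addresses, all drawn from RFC 5737 documentation ranges, are constructed for this example and are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed prefix-to-country table standing in for a GeoIP database.
# Assumption for this example only: the RFC 5737 documentation ranges are
# mapped to these countries. A real deployment would query a GeoIP library.
PREFIX_TO_COUNTRY = {
    "10.": "US",            # the monitored (home) network
    "198.51.100.": "US",    # same-country C2 server (constructed)
    "192.0.2.": "US",       # legitimate update server (constructed)
    "203.0.113.": "RU",     # foreign host (constructed)
}

HOME_COUNTRY = "US"


def country_of(ip: str) -> str:
    """Longest-prefix match against the constructed table ("??" if unknown)."""
    best = ""
    for prefix in PREFIX_TO_COUNTRY:
        if ip.startswith(prefix) and len(prefix) > len(best):
            best = prefix
    return PREFIX_TO_COUNTRY.get(best, "??")


# Constructed outbound-connection log: (seconds since start, src, dst).
# 10.0.0.5 is the infected host; it beacons to a same-country C2 every ~300 s
# with a little jitter. 10.0.0.9 is a clean host with irregular traffic.
LOG = [
    (0,    "10.0.0.5", "198.51.100.7"),
    (12,   "10.0.0.9", "192.0.2.10"),
    (47,   "10.0.0.9", "192.0.2.10"),
    (61,   "10.0.0.9", "192.0.2.10"),
    (301,  "10.0.0.5", "198.51.100.7"),
    (500,  "10.0.0.9", "192.0.2.10"),
    (599,  "10.0.0.5", "198.51.100.7"),
    (640,  "10.0.0.9", "203.0.113.4"),
    (900,  "10.0.0.5", "198.51.100.7"),
    (1202, "10.0.0.5", "198.51.100.7"),
    (1499, "10.0.0.5", "198.51.100.7"),
    (1800, "10.0.0.5", "198.51.100.7"),
    (1900, "10.0.0.9", "192.0.2.10"),
    (1933, "10.0.0.9", "192.0.2.10"),
]


def flag_foreign(log, home=HOME_COUNTRY):
    """Naive rule: flag every (src, dst) pair whose destination is outside
    the home country. A same-country C2 server never trips this."""
    return {(src, dst) for _, src, dst in log if country_of(dst) != home}


def flag_beacons(log, min_hits=5, max_cv=0.1):
    """Geography-independent rule: flag (src, dst) pairs whose inter-connection
    intervals are nearly constant, i.e. coefficient of variation <= max_cv.
    Pairs seen fewer than min_hits times are skipped as too little data."""
    times = defaultdict(list)
    for ts, src, dst in log:
        times[(src, dst)].append(ts)
    flagged = set()
    for pair, ts_list in times.items():
        if len(ts_list) < min_hits:
            continue
        ts_list.sort()
        intervals = [b - a for a, b in zip(ts_list, ts_list[1:])]
        avg = mean(intervals)
        if avg > 0 and pstdev(intervals) / avg <= max_cv:
            flagged.add(pair)
    return flagged


if __name__ == "__main__":
    print("foreign-destination rule:", flag_foreign(LOG))
    print("beacon-periodicity rule: ", flag_beacons(LOG))
```

On this log the foreign-destination rule flags only the clean host's single connection to the RU address and never sees the infected host, while the periodicity check flags the infected host's C2 pair and leaves the irregular update traffic alone. Real beacons use larger jitter and sleep intervals than shown here, so the interval count and CV threshold need tuning against your own baseline traffic.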

What appears to be a targeted attack campaign against several high-value industries is using a Trojan that delivers its payload through rigged PDFs. Targeting organizations in the defense, chemical, technology, and aerospace industries, the MyAgent trojan is spreading primarily through email as a zipped .exe file or a PDF attachment, according to researchers at the FireEye Malware Intelligence Lab.

Researchers at Kaspersky Lab, domain registrar GoDaddy and OpenDNS have sinkholed the command and control domains used by the Flame worm, cutting infected machines off from their operators. In the process, the researchers say they uncovered a large and complex command and control infrastructure of more than 80 Web domains and collected clues that put the origins of Flame as early as 2008.

Global 2000 companies can be split into two categories, according to the author of a new white paper from McAfee: those that know they’ve been compromised and those that don’t yet know. “The only organizations that are exempt from this threat,” writes the paper’s author, Dmitri Alperovitch, “are those that don’t have anything valuable or interesting worth stealing.”
