A new report from Dell Secureworks is shedding light on the Comfoo Trojan used in the massive 2010 APT attack at RSA — and the news isn’t good.
After penetrating Comfoo’s command-and-control infrastructure, security experts Joe Stewart and Don Jackson discovered that the RAT (Remote Access Trojan), which hasn’t made headlines since the RSA attack, didn’t fade away into the annals of cyber crime history. On the contrary, Comfoo remains quite active, and has been used in at least 64 attacks on enterprises in both the private and public sector, including an attack in Japan last year.
What’s more, there are about 200 variations of Comfoo in circulation. However, Stewart and Jackson weren’t sure whether they were all associated with the “Beijing Group” — the major Chinese cyber crime group associated with Comfoo.
Aside from affirming that “no news is good news” doesn’t apply to RATs and other forms of advanced malware (since, by design, they try to stay out of the spotlight and thus avoid the headlines), the Dell Secureworks report also pointed to what may be the next chapter in the Comfoo saga: intelligence gathering.
That’s because Comfoo appears to be targeting audio and video conference companies — a tactic that Stewart and Jackson suggest could be designed to gather information that would help cyber criminals attack enterprises that use those services.
Intelligence gathering is a defining characteristic of today’s advanced malware. Unlike viruses that typically attack quickly, broadly and indiscriminately, advanced malware carefully examines a victim’s network infrastructure in order to identify vulnerabilities, which are then fed back to cyber criminals who determine the most effective plan of attack.
To learn more about Seculert’s innovative Advanced Threat Protection Solution — which is designed to detect RATs like Comfoo that go undetected by conventional network security systems — check out the free White Paper, “Combating Advanced Persistent Threats through Detection”.
The post Comfoo Trojan Used in 2010 RSA Attack is Back in Action – Big Time appeared first on Seculert Blog on Advanced Threats and Cyber Security.