Nitro Hackers continue the cyber attack on Chemical Industries

The Nitro hackers are still continuing their cyber attack on chemical industries, a recent report from Symantec says. The Nitro attack started in July 2011 and still continues. The hackers use social engineering tricks, sending fake emails with malware attachments to chemical industries.

Recently, Symantec.cloud intercepted a spam email that masquerades as coming from the Symantec Security Team and asks the recipient to download a password-protected attachment. The attachment contains malware (a variant of Poison Ivy). The attachment is named "the_nitro_attackspdf.7z" and contains a file called "the_nitro_attackspdf              .exe".
The self-extracting executable creates a file named lsass.exe (Poison Ivy) and a PDF file. This PDF file is none other than the Symantec Nitro Attacks document!

The server (the malware), lsass.exe, copies itself to “%System%\web\service.exe” and attempts to connect to the domain “luckysun.no-ip.org”. This domain resolves to an IP address hosted by the same hosting provider that hosted most of the previously encountered IP addresses.

“Despite the publishing of the whitepaper, this group persists in continuing their activities unchecked. They are using the exact same techniques - even using the same hosting provider for their command and control (C&C) servers,” researchers Tony Millington and Gavin O’Gorman said.

The domains used in this attack were disabled and Symantec have contacted the hosting provider to make sure the necessary steps are taken. Symantec.cloud protects its customers from these types of attacks.
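
The attachment described above hides its real ".exe" extension behind a long run of spaces placed after a "pdf" token. The following check for that naming pattern in archive member names is an added example, not code from Symantec or from the original article; the extension list, the decoy tokens and the three-space threshold are assumptions chosen for illustration.

```python
import re

# Extensions Windows runs directly (assumed list for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Document-type tokens a lure name may end with to look harmless (assumed).
DECOY_TOKENS = ("pdf", "doc", "docx", "xls", "xlsx", "ppt", "txt", "jpg")
# A run of whitespace long enough to push the real extension out of view.
PADDING = re.compile(r"\s{3,}")


def masquerade_reasons(filename):
    """Return the reasons a file name looks like a disguised executable."""
    name = filename.strip()
    dot = name.rfind(".")
    if dot <= 0:
        return []
    stem, ext = name[:dot], name[dot:].lower()
    if ext not in EXECUTABLE_EXTS:
        return []
    reasons = []
    if PADDING.search(stem):
        reasons.append("whitespace-padding")
    # Drop trailing padding and separators, then look for a decoy token.
    core = re.sub(r"[\s._-]+$", "", stem).lower()
    if any(core.endswith(token) for token in DECOY_TOKENS):
        reasons.append("decoy-document-type")
    return reasons


def flag_members(member_names):
    """Map each suspicious archive member name to its list of reasons."""
    flagged = {}
    for member in member_names:
        reasons = masquerade_reasons(member)
        if reasons:
            flagged[member] = reasons
    return flagged


# Constructed sample: the padded name from the article plus benign names.
PADDED_NAME = "the_nitro_attackspdf" + " " * 14 + ".exe"
SAMPLE_MEMBERS = [PADDED_NAME, "the_nitro_attackspdf.7z", "setup.exe"]

if __name__ == "__main__":
    for member, reasons in flag_members(SAMPLE_MEMBERS).items():
        print(repr(member), reasons)
```

The decoy-token test is a heuristic and will also flag legitimate executables whose names happen to end in one of the tokens, so it is best used to raise a name for review rather than to block on its own.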
