[Information] Nitro attacks aiming at defense industries and chemical companies

1. Information

On Oct 31, 2011, Symantec, one of the largest makers of computer security software, reported a security threat named Nitro.
This threat is reported to spread a malicious file through social engineering techniques such as spam mail, in the manner of an APT (Advanced Persistent Threat).

According to Symantec's report, 48 or more defense and chemical companies located in the United States of America and the United Kingdom were infected with a malicious file named Poison Ivy (a remote control tool).
Some of the chemical companies are known to be involved in manufacturing military vehicles.
In addition, when the source of the cyber attacks was traced back, the originating PC address was identified as being in China.

* Advanced Persistent Threat (from Wikipedia)

Advanced persistent threat (APT) usually refers to a group, such as a foreign nation state government, with both the capability and the intent to persistently and effectively target a specific entity. The term is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage, but applies equally to other threats such as that of traditional espionage or attack. Other recognised attack vectors include infected media, supply chain compromise, and social engineering. Individuals, such as an individual hacker, are not usually referred to as an APT as they rarely have the resources to be both advanced and persistent even if they are intent on gaining access to, or attacking, a specific target.

* The Nitro Attacks : Stealing Secrets from the Chemical Industry (Image by Symantec)

a. Geographic Location of Infected Computers

b. Country of origin of targeted organizations

2. Spreading path and symptoms of infection

A recently reported type of security threat aimed at a specific company or user attaches a malicious file containing remote control code to spam mail.
When the victim executes this malicious program, control of the victim's PC and useful information on it can be leaked.
A feature of the Nitro attack is that it operates through interaction between the attacker and the victim.
The spam mail contains the following attachments, and additional variants may be found.

[Types of attachments]
  - Antivirus_update_package.7z
  - acquisition.7z
  - offer.7z
  - update_flashplayer10ax.7z

So far, various variants have been found, and the malicious files related to Nitro are believed to be produced by an automatic generation toolkit.
Furthermore, the ease of distribution using a Remote Administration Tool such as Poison Ivy, together with updates that strengthen its integrated modules, raises the level of the security threat.
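The spam-mail vector described above can be triaged at the mail gateway by matching attachment names against the reported lure filenames and flagging any archive attachment for review. The following is an added example (not code from the original post or from INCA Internet); the sample message, sender addresses and archive bytes are constructed, and the lure list comes from the attachment names given above.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Lure attachment names reported for the Nitro campaign (from the text above).
NITRO_LURES = {
    "antivirus_update_package.7z",
    "acquisition.7z",
    "offer.7z",
    "update_flashplayer10ax.7z",
}
# Archive types commonly used to wrap a RAT dropper; flagged at lower severity.
ARCHIVE_EXTS = (".7z", ".zip", ".rar")

def triage_attachments(raw_message: bytes) -> list[dict]:
    """Return one finding per attachment: filename, SHA-256 and a verdict."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        payload = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(payload).hexdigest()  # for later lookup / sharing
        lowered = name.lower()
        if lowered in NITRO_LURES:
            verdict = "block"   # exact match on a known lure filename
        elif lowered.endswith(ARCHIVE_EXTS):
            verdict = "review"  # archive from outside; hold for analyst review
        else:
            verdict = "allow"
        findings.append({"name": name, "sha256": digest, "verdict": verdict})
    return findings

def build_sample() -> bytes:
    """Constructed sample message (not a real Nitro mail) for demonstration."""
    msg = EmailMessage()
    msg["From"] = "it-support@example.invalid"   # constructed sender
    msg["To"] = "engineer@example.invalid"
    msg["Subject"] = "Security update package"
    msg.set_content("Please install the attached antivirus update.")
    # Placeholder bytes standing in for the archive contents (constructed).
    msg.add_attachment(b"7z\xbc\xaf\x27\x1c placeholder", maintype="application",
                       subtype="x-7z-compressed", filename="Antivirus_update_package.7z")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                       subtype="pdf", filename="agenda.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for f in triage_attachments(build_sample()):
        print(f"{f['verdict']:6} {f['name']}  sha256={f['sha256'][:16]}...")
```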

Once a PC is infected, the attacker can monitor information on the victim's PC as shown in the following figures.

Using functions of a Remote Control Tool such as Poison Ivy, the following information on the victim's PC can be identified.

a. Registry information of victim's PC

b. Screen Capture of victim's PC

c. Other monitoring information

 - Remote Shell
 - Surveillance (Key Logger, Screen Capture, Webcam Capture)
 - Remote Port Scanner
 - WiFi Scanner
 - Remote PC Information (File, Service, Device, Installed Application, etc.)

Symantec says that security threats such as Nitro, which combine an Advanced Persistent Threat with Social Engineering, can damage targeted companies. Moreover, leaked information can lead to a significant loss of assets.

3. How to prevent

Nitro can cause various security threats. To prevent such threats, the following business practices are needed.

1. Educate staff about the management of important documents and information
2. Keep the OS and applications up to date with the latest security updates
3. Use anti-virus software from a trusted security company, keep its engine updated to the latest version, and enable real-time detection
4. Do not execute media received from suspicious or unknown users.

* INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment of malicious files such as those described above with “nProtect Mobile for Android” and runs a response system against various security threats.

* Diagnosis name

 - Backdoor/W32.Poison.133511
 - Backdoor/W32.Poison.128421.B
 - Backdoor/W32.Poison.128405
 - Backdoor/W32.Poison.177722
 - Backdoor/W32.Poison.135794
 - Backdoor/W32.Poison.132031
 - Backdoor/W32.Poison.128204
 - Trojan-Dropper/W32.Agent.153938
 - Trojan/W32.Agent2.536397
 - Trojan/W32.Agent2.141530
 - Trojan/W32.Chifrax.150357
 - Trojan/W32.Genome.155705
 - Trojan/W32.Inject.136314
 - Trojan-Downloader/W32.Injecter.532499
 - Trojan-Downloader/W32.Injecter.153026
 - Trojan-Downloader/W32.Injecter.159762
 - Trojan-Downloader/W32.Injecter.150937
 - Trojan-Downloader/W32.Injecter.173068
 - Trojan-Downloader/W32.Injecter.154827
