It has been reported that this security threat spreads malicious files using social engineering techniques such as spam mail, in the manner of an APT (Advanced Persistent Threat).
According to the report by Symantec, 48 or more defense-industry and chemical companies located in the United States of America and the United Kingdom have been infected by a malicious file named Poison Ivy (a remote control tool).
Some of the chemical companies are known to be involved in manufacturing military vehicles.
In addition, tracing the cyber attacks back to their origin identified the address of the source PC as being in China.
* Advanced Persistent Threat (by wikipedia)
* The Nitro Attacks: Stealing Secrets from the Chemical Industry (image by Symantec)
a. Geographic Location of Infected Computers
b. Country of origin of targeted organizations
2. Spreading path and symptoms of infection
The recently reported security threat targets specific companies or users by attaching a malicious file containing remote control code to spam mail.
When the victim executes this malicious program, control of the victim's PC and useful information stored on it can be leaked.
A characteristic of the Nitro attack is that it operates through interaction between the attacker and the victim.
The spam mail contains the following content and attachments, and additional variants can be found.
[Types of attachments]
So far, various variants have been found, and the malicious files related to Nitro are currently believed to be produced by an automatic generation toolkit.
Furthermore, easy distribution using a Remote Administration Tool such as Poison Ivy, together with updates that integrate modules with strengthened functions, can raise the level of the security threat.
Information on an infected PC can be monitored by the attacker, as shown in the following figure.
Using the functions of a remote control tool such as Poison Ivy, information about the victim's PC can be identified.
a. Registry information of victim's PC
b. Screen Capture of victim's PC
c. Other monitoring information
- Remote Shell
- Surveillance (Key Logger, Screen Capture, Webcam Capture)
- Remote Port Scanner
- WiFi Scanner
- Remote PC Information (File, Service, Device, Installed Application, etc.)
Symantec says that security threats such as Nitro, which combine an Advanced Persistent Threat with social engineering, can damage specific companies. In addition, leaked information can lead to a significant loss of assets.
3. How to prevent
Nitro can cause various security threats. To prevent such security threats, the following business culture is needed.
* INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment of malicious files such as the one described above through “nProtect Mobile for Android”, and operates a response system against various security threats.
* Diagnosis name