File infector Expiro hits US, steals FTP credentials
Revision as of 23:31, 30 July 2013 by Eric.freyssinet (talk | contribs)
(Publication) Google search: [1]
| File infector Expiro hits US, steals FTP credentials | |
|---|---|
| Botnet | Expiro |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2013 / 2013-07-15 |
| Editor/Conference | Trend Micro |
| Link | http://blog.trendmicro.com/trendlabs-security-intelligence/file-infector-expiro-hits-us-steals-ftp-credentials/ blog.trendmicro.com (blog.trendmicro.com Archive copy) |
| Author | Rhena Inocencio |
| Type | Blogpost |
Abstract
“ An unusual attack has been spotted in the wild, using an unexpected combination of threats. This attack used exploit kits (in particular Java and PDF exploits) to deliver file infectors onto vulnerable systems. Interestingly, these file infectors have information theft routines, which is a behavior not usually found among file infectors. These malware are part of PE_EXPIRO family, file infectors that was first spotted spotted in 2010. In addition to standard file infection routines, the variants seen in this attack also have information theft routines, an uncommon routine for file infectors.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2013BFR1361,
editor = {Trend Micro},
author = {Rhena Inocencio},
title = {File infector Expiro hits US, steals FTP credentials},
date = {15},
month = Jul,
year = {2013},
howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/file-infector-expiro-hits-us-steals-ftp-credentials/ blog.trendmicro.com}},
}