Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

APT malware NetTraveler learning new tricks

John P. Mello | Sept. 5, 2013
Advanced Persistent Threat exploits Java vulnerabilities, embraces watering hole technique, says researcher

Because NetTraveler exploits known vulnerability, it's less advanced than APTs that use less known or unknown vulnerabilities, Sherry asserted.

"This vulnerability has been persistent for several months now," he said, "and if end users were running appropriate anti-virus and updated patches, they would have been protected from this vulnerability."

Patching systems, however, is a problem even for companies with a management system in place to do it, said Scott Gordon, CMO of ForeScout Technologies. That's because the patching process can be gap prone.

"We find that from five to 25 percent of operating environment where there's change management and patching there's a gap where the management system is saying one thing and the host configuration is not in parity," Gordon said in an interview.

"Five percent in a 100 to 200 endpoint operating environment may not be a big deal," he said. "But once you get into the thousands, it starts adding up and your gap is larger."

Although NetTraveler's handlers are exploiting a well-known vulnerability now, that may not be the case in the future. "I suspect they will rely less on the main NetTraveler malware they're known for," said Nart Villeneuve, a senior threat intelligence researcher at FireEye.

"They'll start to rely on less well-known pieces of malware that they have in their arsenal," he said.

While those handlers have diverged from the days of exploiting Microsoft Office vulnerabilities, they aren't about to create another Stuxnet.

"They don't seem to enlist an elite offensive technical skillset," Kurt Baumgartner, a senior security researcher at Kaspersky, said in an email. "So their progress will most likely push towards modes of delivering client side attacks, and not more advanced exploitation."

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.