[Security] Poison Ivy

Here we discuss hypervisor-level rootkits, but also which mobile platform to prefer and the repercussions of Facebook on our privacy.

Post by Al3x »

http://www.fireeye.com/blog/technical/t ... intel.html

Understanding why Poison Ivy remains one of the most widely used RATs is easy. Controlled through a familiar Windows interface, it offers a bevy of handy features: key logging, screen capture, video capturing, file transfers, password theft, system administration, traffic relaying, and more.

Here is how a typical Poison Ivy attack works:

1. The attacker sets up a custom PIVY server, tailoring details such as how Poison Ivy will install itself on the target computer, what features are enabled, the encryption password, and so on.
2. The attacker sends the PIVY server installation file to the targeted computer. Typically, the attacker takes advantage of a zero-day flaw. The target executes the file by opening an infected email attachment, for example, or visiting a compromised website.
3. The server installation file begins executing on the target machine. To avoid detection by anti-virus software, it downloads additional code as needed through an encrypted communication channel.
4. Once the PIVY server is up and running on the target machine, the attacker uses a Windows GUI client to control the target computer.
I :amore Sasha
