Communications of the ACM
Madi Malware: Advanced Persistent Threat or Just a Threat?
Madi malware has returned with improved features.
Credit: International Business Times
When Kaspersky Labs announced its discovery and monitoring of the Madi malware, it was quickly labeled by many as an advanced persistent threat (APT), which initiated a semantic argument about the use of the term.
"We see many attacks from 'APT' where the 'A' really isn't applicable," says Kaspersky's Roel Schouwenberg, who finds the contemporary use of the term unhelpful due to the confusion it causes.
Symantec Security Response's Liam O Murchu says the term originally referred to stealthy, targeted attacks employing advanced techniques such as zero-day vulnerabilities to stay hidden as they did their damage. However, now almost any stealthy, prolonged attack designed to steal intellectual property or target industrial systems, regardless of its sophistication, is identified as an APT. This is the case with Madi, which remained hidden and stole gigabytes worth of data from its roughly 800 targeted victims, but used relatively simple social-engineering techniques to infect machines and made no use of zero-day exploits.
The attackers' infection methodology involved getting users to open up PowerPoint slideshows containing the malware.
From Dark Reading
View Full Article
Abstracts Copyright © 2012 Information Inc., Bethesda, Maryland, USA
No entries found