PoisonIvy is a remote access trojan (RAT) that provides keylogging, screen capture, video capture, file transfer, system administration, password theft, and traffic relaying capabilities.[1] It was created around 2005 by a Chinese hacker[2] and has been used in several prominent intrusions, including the 2011 breach of the RSA SecurID authentication product and the 2011 Nitro attacks on chemical companies.[3][4][5][6][7][8] The malware is also known as "Backdoor.Darkmoon".[9]

References

  1. "POISON IVY: Assessing Damage and Extracting Intelligence" (PDF). FireEye. Retrieved March 11, 2021.
  2. Keizer, Gregg (31 October 2011). "'Nitro' hackers use stock malware to steal chemical, defense secrets". Computerworld.
  3. "Poison Ivy NJCCIC Threat Profile". nj.gov. NJCCIC. April 12, 2017. Retrieved March 11, 2021.
  4. Higgins, Kelly Jackson (21 August 2013). "Poison Ivy Trojan Just Won't Die". DARK Reading. Retrieved 12 March 2021.
  5. Kirk, Jeremy (22 August 2013). "Poison Ivy Trojan used in RSA SecurID attack still popular". InfoWorld. Retrieved 12 March 2021.
  6. Mills, Elinor (5 April 2011). "Attack on RSA used zero-day Flash exploit in Excel". CNET. Archived from the original on 17 July 2011.
  7. "'Nitro attacks' continue". Virus Bulletin. 13 December 2011.
  8. Phneah, Ellyne (1 November 2011). "'Nitro' attack targets chemical firms". ZDNet.
  9. Fisher, Dennis (30 August 2012). "Use of Java Zero-Day Flaws Tied to Nitro Attack Crew". threatpost. Retrieved 7 April 2021.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.