With all of the security chatter over the past several days hovering around Flame, it is easy to overlook the fact that difficult-to-detect malware largely has become a hacker fait accompli, agnostic of organization or geographic location.
IXESHE (pronounced i-sushi) is just the latest advanced persistent threat campaign that is siphoning coveted information from its unsuspecting targets. Trend Micro researchers have studied the threat since July 2009, and five of them just released a 19-page paper (PDF) on the topic.
Tom Kellermann, vice president of cyber security at Trend, joined me on the SC Magazine podcast to discuss the botnet, as well as the failings of the anti-virus industry.
IXESHE is responsible for compromising a slew of organizations, including East Asian government agencies, Taiwanese electronic manufacturers and a German telecom company. Victims typically are owned via traditional means, by clicking on a slickly created email lure. But what makes the threat so noteworthy is that its command-and-control hub — by which it instructs the computers under its control on what actions to take — is actually located within the host networks that were compromised, a process known as “colonization,” rather than remotely.
“You’re seeing new levels of sophistication and stealth with regard to how they maintain the command and control on the systems,” Kellermann told me.
Kellermann dives into the botnet's structure, describes what organizations can do to defeat such threats, concedes the struggles that high-profile security providers are having in detecting malware such as IXESHE, and explains why Trend Micro is not really in the traditional anti-malware game anymore.