Sunday, November 6, 2011

Microsoft Malware Protection Center Threat Report - Poison Ivy

This Microsoft® Malware Protection Center (MMPC) Threat Report provides an overview of the Win32/Poison (Poison Ivy) family of malware. The Report examines the background and functionality of Poison Ivy, and provides telemetry data and analysis. This Report also discusses how Poison Ivy is detected and removed by Microsoft antimalware products and services.


Poison Ivy has been identified in a number of APT attacks against corporations (e.g. the RSA breach and the chemical-industry "Nitro" attacks) and human rights organizations. ZXShell is another backdoor favored in such attacks.

In one case study, outlined by Mandiant in 2010, the investigators found 10 different Poison Ivy variants (alongside other malware, some of it custom-built) during an attack on a smaller enterprise of roughly 2,000 systems, all of it attributed to a single APT group. (The case study starts on page 44.)
