Executive Summary
Informations | |||
---|---|---|---|
Name | TA15-105A | First vendor Publication | 2015-04-15 |
Vendor | US-CERT | Last vendor Modification | 2015-04-15 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | Not Defined | Attack Range | Not Defined |
Cvss Impact Score | Not Defined | Attack Complexity | Not Defined |
Cvss Expoit Score | Not Defined | Authentication | Not Defined |
Calculate full CVSS 2.0 Vectors scores |
Detail
Overview The Simda botnet – a network of computers infected with self-propagating malware – has compromised more than 770,000 computers worldwide [1]. The United States Department of Homeland Security (DHS), in collaboration with Interpol and the Federal Bureau of Investigation (FBI), has released this Technical Alert to provide further information about the Simda botnet, along with prevention and mitigation recommendations. DescriptionSince 2009, cyber criminals have been targeting computers with unpatched software and compromising them with Simda malware [2]. This malware may re-route a user’s Internet traffic to websites under criminal control or can be used to install additional malware. The malicious actors control the network of compromised systems (botnet) through backdoors, giving them remote access to carry out additional attacks or to “sell” control of the botnet to other criminals [1]. The backdoors also morph their presence every few hours, allowing low anti-virus detection rates and the means for stealthy operation [3]. ImpactA system infected with Simda may allow cyber criminals to harvest user credentials, including banking information; install additional malware; or cause other malicious attacks. The breadth of infected systems allows Simda operators flexibility to load custom features tailored to individual targets. SolutionUsers are recommended to take the following actions to remediate Simda infections:
Kaspersky Lab : http://www.kaspersky.com/security-scan Microsoft: http://www.microsoft.com/security/scanner/en-us/default.aspx Trend Micro: http://housecall.trendmicro.com/
Cyber Defense Institute: http://www.cyberdefense.jp/simda/ The above are examples only and do not constitute an exhaustive list. The U.S. government does not endorse or support any particular product or vendor. |
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA15-105A.html |
Alert History
Date | Informations |
---|---|
2015-04-15 17:25:22 |
|