Executive Summary
Informations | |||
---|---|---|---|
Name | TA15-098A | First vendor Publication | 2015-04-09 |
Vendor | US-CERT | Last vendor Modification | 2015-04-09 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | Not Defined | Attack Range | Not Defined |
Cvss Impact Score | Not Defined | Attack Complexity | Not Defined |
Cvss Expoit Score | Not Defined | Authentication | Not Defined |
Calculate full CVSS 2.0 Vectors scores |
Detail
Overview AAEH is a family of polymorphic downloaders created with the primary purpose of downloading other malware, including password stealers, rootkits, fake antivirus, and ransomware. The United States Department of Homeland Security (DHS), in collaboration with Europol, the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), released this Technical Alert to provide further information about the AAEH botnet, along with prevention and mitigation recommendations. DescriptionAAEH is often propagated across networks, removable drives (USB/CD/DVD), and through ZIP and RAR archive files. Also known as VObfus, VBObfus, Beebone or Changeup, the polymorphic malware has the ability to change its form with every infection. AAEH is a polymorphic downloader with more than 2 million unique samples. Once installed, it morphs every few hours and rapidly spreads across the network. AAEH has been used to download other malware families, such as Zeus, Cryptolocker, ZeroAccess, and Cutwail. ImpactA system infected with AAEH may be employed to distribute malicious software, harvest users' credentials for online services, including banking services, and extort money from users by encrypting key files and then demanding payment in order to return the files to a readable state. AAEH is capable of defeating anti-virus products by blocking connections to IP addresses associated with Internet security companies and by preventing anti-virus tools from running on infected machines. SolutionUsers are recommended to take the following actions to remediate AAEH infections:
Users can consider employing a remediation tool (examples below) that will help with the removal of AAEH from your system. Note: AAEH blocks AV domain names thereby preventing infected users from being able to download remediation tools directly from an AV company. The links below will take you to the tools at the respective AV sites. In the event that the tools cannot be accessed or downloaded from the vendor site, the tools are accessible from Shadowserver (http://aaeh.shadowserver.org). The below are examples only and do not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor. |
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA15-098A.html |
Alert History
Date | Informations |
---|---|
2015-04-09 17:24:59 |
|