New Symantec White Paper Examines Crisis Malware

If you’re an administrator or security team member for your organization’s network, you’ve likely heard about the Crisis malware at some point in your risk management research. On Friday, Symantec published a new white paper on the malware, with a rounded overview into its history and details of its capabilities.

Crisis was discovered in July, by accident, in the massive sample repositories that VirusTotal provides to the AV industry. Mac-focused AV firm Intego broke the story and gave it a good deal of attention, because the malware is capable of infecting systems running both Mac OS X and Windows.

At the time, we here at SecurityWeek felt the threat was over-hyped. We are still taking that stance, because the overall threat Crisis represents is mitigated by the various protection layers commonly deployed within a given network – including IDS, IPS, endpoint protections, and proactive gateway defenses.

Yet, we’ll freely admit Crisis is something worth watching. While some vendors overhyped the crisis that is – ahem – Crisis, there’s no denying that it has evolved. The ability to open a backdoor into a system isn’t just an OS X attack vector; Crisis can do that on Windows systems too. Moreover, it can spread to virtual machines, and once it’s installed on any of the three it can move on to its other functions.

Crisis can be used to capture Wi-Fi data in order to triangulate position, it can upload and download files on a compromised host, it can record video and audio, log keystrokes, copy clipboard data, snatch address book details, log IM data, monitor browser sessions, capture social networking data, and take screenshots. In short, Crisis packs a punch, provided it isn’t detected during the initial payload delivery.

“The features found in this malware suggest that it may have been designed for the purpose of either private investigation or espionage, and are much more advanced than those found in the average information stealing malware,” Takashi Katsuki, a Software Engineer from Symantec explained in the white paper.

Yet, there is no proof that Crisis is a law enforcement tool, only speculation. Still, Symantec believes that the malware will only continue to evolve. 

“In our research into Crisis, we have seen older samples of the malware that did not have virtual machine propagation techniques or the presence of the social function,” the white paper noted. “By observing variants and the timeline of creation, we can surmise that there is continued investment and development of the Crisis malware. The demand for private IT investigations and espionage will never disappear and, so long as there is customer demand, it is likely that we will see new functionality emerging in this area in the near future.”

“The features found in this malware suggest that it may have been designed for the purpose of either private investigation or espionage, and are much more advanced than those found in the average information stealing malware,” the report concludes.
