TA15-098A: AAEH

Discussion in 'Security Alerts' started by News, Apr 9, 2015.

  1. News

    News Extraordinary Robot
    News Feed

    Joined:
    Jun 27, 2006
    Messages:
    26,192
    Likes Received:
    20
    Original release date: April 09, 2015
    Systems Affected

    • Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
    • Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012
    Overview


    AAEH is a family of polymorphic downloaders created with the primary purpose of downloading other malware, including password stealers, rootkits, fake antivirus, and ransomware.

    The United States Department of Homeland Security (DHS), in collaboration with Europol, the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), released this Technical Alert to provide further information about the AAEH botnet, along with prevention and mitigation recommendations.

    Description


    AAEH is often propagated across networks, removable drives (USB/CD/DVD), and through ZIP and RAR archive files. Also known as VObfus, VBObfus, Beebone or Changeup, the polymorphic malware has the ability to change its form with every infection. AAEH is a polymorphic downloader with more than 2 million unique samples. Once installed, it morphs every few hours and rapidly spreads across the network. AAEH has been used to download other malware families, such as Zeus, Cryptolocker, ZeroAccess, and Cutwail.

    Impact


    A system infected with AAEH may be employed to distribute malicious software, harvest users' credentials for online services, including banking services, and extort money from users by encrypting key files and then demanding payment in order to return the files to a readable state. AAEH is capable of defeating anti-virus products by blocking connections to IP addresses associated with Internet security companies and by preventing anti-virus tools from running on infected machines.

    Solution


    Users are recommended to take the following actions to remediate AAEH infections:

    References

    Revision History

    • April 9, 2015: Initial Release

    This product is provided subject to this Notification and this Privacy & Use policy.

    Continue reading...
     

Share This Page

Loading...