A look at the latest version of the IceXLoader malware, which has infected more than a million Windows machines in the past year and is believed to be used by a number of threat actors.
The malware is a dropper that overwrites the hard drive of an infected system with copies of itself. It spreads through spam and exploit kits, and the updated version appears to have been in development for over a year before its release.
Researchers at Malwarebytes said they were able to take control of over 1,000 machines per day using the new version. They also noted that "the malicious software operates without significant detection on systems up to and including Windows 10".
IceXLoader is a piece of malware known to be used by threat actors as part of complex campaigns.
Before the release of the latest version, a typical IceXLoader attack might have gone like this: a victim would visit a compromised website that served a malicious Flash or Java applet or an exploit file, which downloaded and installed additional malware; this in turn would install an IceXLoader dropper on the victim's machine.
Once installed, IceXLoader would contact its command-and-control servers. These servers would provide IceXLoader with additional instructions, such as downloading and executing further files and exfiltrating information; the malware would report back and await its next instructions.