Trojan a Work of ‘Poetry’

Tuesday, February 5, 2013 @ 05:02 PM gHale

Sometimes people have to shift tactics and they end up using products in new and different ways. The same holds true for cyber criminals as they found new uses for a popular Trojan.

There is a new report out that focuses on the activities of a cybercriminal gang dubbed the “Poetry Group.”

This report from security company McAfee, entitled “Inside the World of the Citadel Trojan,” talks about how the organization “shifted tactics to use Citadel in ways other than what it was originally intended for.”

Since October 2012, the Poetry Group has launched over half a dozen malicious campaigns, infecting more than 1,000 computers worldwide.

While this might not seem like such a big number, the victims are mostly government offices.

Poland and Denmark appear to be the top targets, followed by Japan. Other victims are in Sweden, Spain, the Netherlands, Estonia, Switzerland and the Czech Republic.

The group’s name stems from the fact that they embed strings of poetry (some from Shakespeare) into the malware’s binary.

McAfee said the group might be the byproduct of a for-hire data-gathering operation for a private clientele.
