
Backdoor.APT.Aumlib

Posted: August 13, 2013

Threat Metric

Threat Level: 2/10
Infected PCs: 37
First Seen: August 13, 2013
OS(es) Affected: Windows

Backdoor.APT.Aumlib is a backdoor Trojan used in targeted attacks, typically against government agencies and companies involved in the North American telecommunications industry. Backdoor.APT.Aumlib has been used in attacks against such organizations for several years, but its last update before this one was in 2011, and the newest update indicates its continued use in targeted cyber attacks. Backdoor.APT.Aumlib allows criminals to access your PC by opening a backdoor connection between itself and a remote server, through which a criminal may perform a variety of attacks against your PC. In light of the past infection vectors of targeted Trojan attacks like Backdoor.APT.Aumlib, SpywareRemove.com malware researchers especially caution potential victims to be careful about opening unusual e-mail attachments and recommend the use of anti-malware software for detecting or removing Backdoor.APT.Aumlib whenever necessary.

Backdoor.APT.Aumlib: When a Few Tweaks Make an Old Trojan New

Along with IXESHE, a similar backdoor Trojan also commonly found in targeted backdoor campaigns, Backdoor.APT.Aumlib has been in use in targeted attacks for some time but has recently received significant updates. These updates are designed to keep Backdoor.APT.Aumlib from being identified by old threat databases: partially encoded Command & Control server communications may prevent outdated anti-malware tools from identifying Backdoor.APT.Aumlib correctly, or at all. Apart from this new stealth feature, the most current version of Backdoor.APT.Aumlib remains similar to old versions of Aumlib.

SpywareRemove.com malware experts stress that PCs compromised by Backdoor.APT.Aumlib Trojans are effectively under the control of a remote attacker, who may steal information, install various other forms of malware, infect other PCs through local networks or downgrade your PC's security features. These attacks are far from unusual for any backdoor Trojan, although Backdoor.APT.Aumlib does have the additional headline-worthiness of being used in attacks against specific Western companies and government institutions. Therefore, casual PC users shouldn't expect to encounter Backdoor.APT.Aumlib in the wild.

Tracking Where the Backdoor.APT.Aumlib Campaign Goes from Here

The criminal group of hackers responsible for distributing and managing Backdoor.APT.Aumlib is believed to be Chinese in origin and clearly is ramping up Backdoor.APT.Aumlib and IXESHE for continued use in the coming months. SpywareRemove.com malware experts stress that most targeted attacks like Backdoor.APT.Aumlib's campaigns usually are initiated through carefully crafted e-mail messages with malicious file attachments. Deleting suspicious files without opening them or, alternatively, scanning them with updated anti-malware products should be considered mandatory for protecting a vulnerable PC from Backdoor.APT.Aumlib.

Along with that, SpywareRemove.com malware experts always consider updating your security and anti-malware software a requirement, but it is particularly relevant in the case of Backdoor.APT.Aumlib. Backdoor.APT.Aumlib's latest update is specifically intended to evade previous anti-malware signatures that would be able to detect its old versions, and an anti-malware product that isn't updated regularly shouldn't be thought of as a foolproof defense against professionally managed PC threats like Backdoor.APT.Aumlib.

Technical Details

Additional Information

The following URLs were detected:
get-positive.com