Cyber Crooks Never Cease To Amaze…

Binary screenThe Trend Micro Trendlabs Second Quarter Security Roundup reports that one of the active Internet malware plaguing computers right now is a trojan called IXESHE…I have no idea where the crooks come up with these names. Here’s a rundown of it’s attributes.

It has been around since 2009, it targets East Asian governments, electronics manufacturers, and a telecommunications company.

It uses targeted attacks that make use of ransomware which threatens to notify the local police force unless they comply with the crooks demands.

It uses data-stealing techniques involving Zeus and CARBERP Trojans and fake anti-virus malware.

All interesting enough, but here’s what really caught my eye. It uses over 60 command and control servers to control it’s botnet. And—they use compromised servers that belong to targeted organizations for those command and control tasks. They use other people’s computers to run their malware-laden botnet!! Other people’s computers!! Amazing!

My first take on this revelation is that cyber crooks can enter the “field” of cyber crime, pretty much on the “cheap” by buying botnet “kits” that are ready to operate, and renting whole botnets on which to ply the malware. So…I thought, why buy 60 servers if they can use other people’s servers?

But on further thought, I believe there’s another reason for this server-trespassing. It’s to protect the botnets from being shut down by killing the command and control servers the botnets run on, as has been done very successfully by law enforcement authorities in recent months. They may think that the law enforcement authorities will hesitate to shut down servers owned by innocent companies. I’d like to hear what others think about this theory.

Reference: Trend Micro Report

As always, I appreciate your comments on this subject…so please do. And be careful out there…it’s extremely dangerous these days.

Don’t miss an article. If you enter your email address in the Email Subscriptions box on the right column of this page, I’ll send you an email when a new article is posted. I don’t share your email address with anyone…no one; I hate spam too. Please share my site with your friends and family. Thanks.

Home computing is a blast…keep it safe, productive and enjoyable.

Best regards,


lubicp(at) and if you twitter, follow me @paulsinternet on Twitter.

Leave a comment

Filed under Cybercrime, In the News, Internet, Internet Security, malware, security

What do you think?

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s