Organizations in Taiwan, Japan, South Korea and the U.S. have been attacked by newly discovered malware called Dripion. Dripion is a custom program that creates a back door into computers. It is installed by another piece of malicious software called Blugger.
Blugger, which encrypts its communications to hide them, downloads Dripion from English-language blogs. It is uncertain whether these blogs are legitimate sites that were compromised or fake sites created by the attackers.
Dripion uses command and control servers whose names resemble those of many antivirus companies, making its communication appear legitimate. Users and technologists often mistake the traffic for updates to their antivirus programs. What is really happening is that Dripion creates an encrypted backdoor channel to pull information from infected computers slowly and methodically over time, and it also lets the attackers upload other programs.
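A defender's first check against this trick is to look at outbound hostnames and flag the ones that resemble an antivirus vendor's domain without actually being it. The following detector is an added example, not code from Symantec or from the original post: it parses a few constructed proxy-log lines (timestamp, source IP, destination host, byte count), reduces each host to its registrable domain, and reports hosts that either embed a vendor name in another domain or sit within one edit of a real vendor domain. The vendor allowlist, the log format and the thresholds are assumptions chosen for the example; the flagged hosts are constructed and are not real Dripion indicators.

```python
import re

# Assumed allowlist of legitimate antivirus vendor domains (trim or extend for your environment).
TRUSTED_VENDOR_DOMAINS = {
    "symantec.com", "norton.com", "mcafee.com", "kaspersky.com",
    "trendmicro.com", "sophos.com", "eset.com", "avast.com",
}
# The vendor "brand" label of each trusted domain, e.g. "symantec".
VENDOR_BASES = {d.split(".")[0] for d in TRUSTED_VENDOR_DOMAINS}

# Assumed proxy-log layout: "<timestamp> <src_ip> <dest_host> <bytes>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<host>\S+) (?P<bytes>\d+)$")

# Constructed sample log lines; hostnames are invented for the example.
SAMPLE_LOG_LINES = [
    "2024-01-01T10:00:00Z 10.0.0.5 cdn.symantec.com 5120",
    "2024-01-01T10:00:05Z 10.0.0.5 symantek.com 812",
    "2024-01-01T10:01:10Z 10.0.0.9 symantec-update.example 2048",
    "2024-01-01T10:02:00Z 10.0.0.9 www.example.com 1024",
    "not a well-formed log line",
]


def edit_distance(a, b):
    """Levenshtein distance between two short strings (classic row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Crude registrable-domain reduction: keep the last two labels.
    Good enough for .com-style names; a public-suffix list is needed for co.uk etc."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_host(host):
    """Return 'trusted', 'unrelated', or a 'lookalike:<reason>' verdict for one hostname."""
    reg = registrable_domain(host)
    if reg in TRUSTED_VENDOR_DOMAINS:
        return "trusted"
    base = reg.split(".")[0]
    tokens = [t for t in re.split(r"[^a-z]+", base) if t]

    # Rule 1: a vendor brand appears as a token (symantec-update) or, for brands
    # of six or more letters, as a substring (symantecupdate). Short brands such
    # as "eset" are only matched as whole tokens to avoid hits like "reset".
    for vb in sorted(VENDOR_BASES):
        if vb in tokens or (len(vb) >= 6 and vb in base):
            return f"lookalike:contains:{vb}"

    # Rule 2: the registrable name is within one edit of a vendor domain
    # (symantek.com). Only applied to bases of six or more letters so that
    # short, common words do not trigger it.
    if len(base) >= 6:
        for d in sorted(TRUSTED_VENDOR_DOMAINS):
            if edit_distance(base, d.split(".")[0]) <= 1:
                return f"lookalike:similar:{d}"
    return "unrelated"


def scan_logs(lines):
    """Parse log lines and return (host, verdict) pairs for hosts worth triage.
    Malformed lines are skipped; trusted and unrelated hosts are not reported."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = classify_host(m.group("host"))
        if verdict.startswith("lookalike:"):
            findings.append((m.group("host"), verdict))
    return findings


if __name__ == "__main__":
    for host, verdict in scan_logs(SAMPLE_LOG_LINES):
        print(f"{host:30} {verdict}")
```

The output is a triage list, not a verdict: a flagged host still has to be checked against the vendor's real update infrastructure, and the byte counts and timing in the same logs are what reveal the slow, periodic exfiltration the post describes.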
Dripion was discovered by Symantec, which reports that the infections have gone unnoticed since as far back as 2009. The code was written entirely from scratch. Dripion shows that custom-developed malware used in a small number of well-targeted attacks will get past most anti-malware defenses and can remain undetected for a long time. The solution is a multi-layered security approach.