
Warning: the AAEH botnet, with prevention and mitigation recommendations

Systems Affected
  • Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
  • Microsoft Windows Server 2003, Server 2008, Server 2008 R2, and Server 2012

Overview

AAEH is a family of polymorphic downloaders created with the primary purpose of downloading other malware, including password stealers, rootkits, fake antivirus, and ransomware.

The United States Department of Homeland Security (DHS), in collaboration with Europol, the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), released this Technical Alert to provide further information about the AAEH botnet, along with prevention and mitigation recommendations.

Description

AAEH is often propagated across networks, on removable drives (USB/CD/DVD), and inside ZIP and RAR archive files. Also known as VObfus, VBObfus, Beebone or Changeup, it is polymorphic: it changes its form with every infection and, once installed, morphs every few hours while spreading rapidly across the network, which is why more than 2 million unique samples have been observed. AAEH has been used to download other malware families, such as Zeus, CryptoLocker, ZeroAccess, and Cutwail.

Impact

A system infected with AAEH may be used to distribute malicious software, harvest users' credentials for online services (including banking services), and extort money from users by encrypting key files and demanding payment to return them to a readable state. AAEH also defeats anti-virus products by blocking connections to IP addresses associated with Internet security companies and by preventing anti-virus tools from running on infected machines.

Solution

Users should take the following actions to remediate AAEH infections:
  • Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up to date (see Understanding Anti-Virus Software for more information).
  • Change your passwords - Your original passwords may have been compromised during the infection, so you should change them (see Choosing and Protecting Passwords for more information).
  • Keep your operating system and application software up to date - Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates; if this option is available, enable it (see Understanding Patches for more information).
  • Use anti-malware tools - A legitimate program that identifies and removes malware can help eliminate an infection.
Users can also employ a remediation tool (examples below) to help remove AAEH from the system.
Note: AAEH blocks AV domain names, preventing infected users from downloading remediation tools directly from an AV company. The links below lead to the tools on the respective AV vendor sites. If the tools cannot be accessed or downloaded from the vendor site, they are also available from Shadowserver (http://aaeh.shadowserver.org).
The tools below are examples only and do not constitute an exhaustive list. Connectikpeople.co does not endorse or support any particular product or vendor.
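The alert notes twice that AAEH blocks anti-virus domain names and vendor IP addresses. One quick check an administrator can run before trying to download a remediation tool is to inspect the Windows hosts file, since pinning vendor names to loopback or a bogus address in %SystemRoot%\System32\drivers\etc\hosts is a common way for malware to achieve exactly that. The following Python script is an added example and is not part of the alert; that AAEH in particular uses the hosts file (rather than, say, a network filter driver) is an assumption, and the vendor-domain list and the sample hosts content are constructed for illustration.

```python
r"""Flag security-vendor domains that a Windows hosts file pins to an address.

Added example, not part of the DHS/US-CERT alert. AAEH is described as
blocking anti-virus domain names; one common way malware does that on
Windows is by adding entries to %SystemRoot%\System32\drivers\etc\hosts
that send vendor names to loopback or a bogus address. Whether AAEH uses
the hosts file or another mechanism is an assumption; this check covers
only the hosts-file case.
"""
import ipaddress
import os

# Constructed watch list of vendor / update domains; extend as needed.
WATCHED_DOMAINS = (
    "microsoft.com", "windowsupdate.com", "symantec.com", "mcafee.com",
    "kaspersky.com", "eset.com", "sophos.com", "avast.com", "avg.com",
    "trendmicro.com", "bitdefender.com", "f-secure.com", "shadowserver.org",
)

# Addresses a benign hosts file would never map a vendor domain to.
SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}


def _watched(hostname: str) -> bool:
    """True if hostname is one of the watched domains or a subdomain of one."""
    h = hostname.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in WATCHED_DOMAINS)


def parse_hosts(text: str):
    """Yield (ip, hostname, line_no) for every mapping in a hosts file body.

    Comments (# ...) and blank lines are skipped; a line may map one
    address to several names, which yields one tuple per name.
    """
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # not a valid address field; ignore the line
        for name in names:
            yield ip, name, n


def find_hijacked(text: str):
    """Return suspicious entries: watched vendor domains pinned to any address.

    A clean Windows hosts file contains only comments (and optionally a
    loopback entry for 'localhost'), so any vendor mapping deserves a look.
    Loopback / unspecified targets are labelled 'sinkhole', anything else
    'redirect' (possible interception rather than plain blocking).
    """
    findings = []
    for ip, name, n in parse_hosts(text):
        if _watched(name):
            kind = "sinkhole" if ip in SINKHOLE_ADDRS else "redirect"
            findings.append({"line": n, "host": name, "ip": ip, "kind": kind})
    return findings


def read_windows_hosts() -> str:
    """Read the live hosts file on a Windows machine (needs read access)."""
    path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        r"System32\drivers\etc\hosts")
    with open(path, encoding="utf-8", errors="replace") as f:
        return f.read()


# Constructed sample, not a real AAEH artifact.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
127.0.0.1   www.symantec.com liveupdate.symantec.com
0.0.0.0     update.eset.com   # trailing comment
10.0.0.5    downloads.mcafee.com
127.0.0.1   intranet.example.local
"""

if __name__ == "__main__":
    for f in find_hijacked(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['ip']} ({f['kind']})")
```

On a suspect machine, pass the result of read_windows_hosts() to find_hijacked() instead of SAMPLE_HOSTS. An empty result does not clear the host: blocking can also be done below the resolver (a filter driver or firewall rule), so follow up with a resolution test against an external DNS server, or simply try the Shadowserver mirror named in the note above.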