POISON IVY: ASSESSING DAMAGE AND EXTRACTING INTELLIGENCE
In IT security circles, remote access tools (RATs) are often regarded as the hacker’s equivalent of training wheels. But dismissing this common breed of malware could be a costly mistake. Despite their reputation as a software toy for novice “script kiddies,” RATs remain a linchpin of many sophisticated cyber attacks.
Requiring little technical savvy to use, RATs offer unfettered access to compromised machines. They are deceptively simple—attackers can point and click their way through the target’s network to steal data and intellectual property.
This report spotlights Poison Ivy (PIVY), a RAT that remained popular and effective years after its release, despite its age and familiarity in IT security circles. In conjunction with the study, FireEye released Calamine, a set of free tools to help organizations detect and examine Poison Ivy infections on their systems.