 |
| India and Vietnam |
In our never-ending quest to spot and expose the nastiest of the Internet, me and Mark this time incidentally stepped into a targeted attacks campaign apparently directed at a distributed and diversified base of victims. In this blog post we'll analyze two specific incidents apparently targeting victims in Vietnam and in Indiaand we'll describe the capabilities of the custom backdoor being used that for convenience (and to our knowledge, for a lack of an existing name) we call KeyBoy, due to a string present in one of the samples.
We'll describe how the attackers operate these backdoors, provide some scripts useful to further investigate the campaign as well as meanings to detect infections or scout for additional samples.
