Categories
News

Microsoft’s fight against Poison Ivy

Info of what is known: Poison ivy (Backdoor:Win32/Poisonivy.E) is a backdoor trojan that allows unauthorized access and control of an affected machine. It attempts to hide by injecting itself into other processes.

The following system changes may indicate its infection:
The existence of the following file: c:windows:svvchost.exe
The existence of the following registry entry: “StubPath” With data: “c:windows:svvchost.exe” in the subkey: HKLMSoftwareMicrosoftActive SetupInstalled Components<CLSID>

Microsoft has released a temp fix, while they work on final solution.

“We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue,” Microsoft stated in an official blog post. Microsoft has recommended that users download the Enhanced Mitigation Experience Toolkit which is designed to help prevent hackers from gaining access to your system.

The toolkit includes several pseudo mitigation technologies aimed at disrupting current exploit techniques. These pseudo mitigations are not robust enough to stop future exploit techniques, but can help prevent users from being compromised by many of the exploits currently in use. The mitigations are also designed so that they can be easily updated as attackers start using new exploit techniques.

For now it is the recommendation of many security experts to use browsers such as Chrome or Firefox.