
Deputy Dog

Posted: October 31, 2014

Deputy Dog is a backdoor Trojan seen in prominent zero-day attacks against various Japanese organizations. The same third parties are also responsible for cyber assaults against US military personnel and multiple European governments. Besides including backdoor attack features of its own, Deputy Dog may also install other threats, such as the Hikit rootkit. PC users in vulnerable sectors should protect their browsers preemptively, and use suitable anti-malware applications if deleting Deputy Dog becomes necessary.

A Trojan with a Bite Worse than Its Bark

Deputy Dog, also known by the alias Fexel, is a backdoor Trojan most prominently used in an August 2013 campaign. This campaign, run by the same hacker group that uses threats like Gh0std and Naid, leveraged an Internet Explorer vulnerability through a legitimate but compromised website. Visitors to that site were susceptible to the automatic installation of Deputy Dog via separate Trojan droppers, which deleted themselves after achieving their intended purpose.

Although Microsoft has since issued a security patch to correct this vulnerability, the Deputy Dog campaign was originally a 'zero-day' attack that could not be blocked by security patches. Once installed, Deputy Dog may be capable of the following basic attacks:

  • Deputy Dog may download and launch additional files, including installers for other threats.
  • Deputy Dog may upload files to a remote server (to collect confidential information stored on the compromised machine).
  • Deputy Dog may allow third parties to utilize an affected PC as a proxy server for conducting other attacks against different targets.
  • Lastly, Deputy Dog's general backdoor connection allows it to receive commands from a C&C server, changing settings or modifying files as its admins deem appropriate. The level of access to an infected PC is significant, and standard firewall security features offer no protection.

Collaring a Not-Quite Rabid Trojan

Axiom, the group responsible for Deputy Dog, has so far not used this Trojan in general attacks against the public. However, sensitively-placed business entities and government systems are favorite targets of Axiom, which has been known to release diverse updates to Trojans like Deputy Dog over the last few years. PC users who have reason to believe their machines are vulnerable to such attacks should exercise caution with e-mail file attachments and contact with potentially hacked websites.

Since Deputy Dog is meant to grant third parties effectively invisible but complete access to an infected Windows machine, its visible symptoms are trivial, as are the symptoms of most related threats by Axiom. Updating your anti-malware tools and regularly scanning your computer are the best ways of guaranteeing alerts for Deputy Dog infections, and those alerts are likely to be your only signs of such an attack. Malware experts recommend similar protections for other Axiom-related threats, including Sogu, My Door, Darkmoon and Gresim.