Kaba
Posted: November 6, 2014
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. The criterion for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 89 |
| First Seen: | November 6, 2014 |
| OS(es) Affected: | Windows |
Kaba is one in a series of backdoor Trojans employed by the Chinese hacking group of Axiom, which has conducted extensive and well-organized threat campaigns against prominent companies, non-profits and national governments around the world. Although Kaba may occupy a 'middleman' position, wherein its main purpose is to install even worse threats than itself, Kaba does include backdoor attacks that could let third parties access a PC with minimal restraints. Deleting Kaba with anti-malware software obviously is a high-priority response, but paying proper attention to e-mail security may limit its distribution.
Why You Should Double-Check Your Documents Before Trusting in Excel
Kaba, bearing numerous aliases that include PlugX, Sogu and DestroyRAT, is a backdoor Trojan that makes contact with a remote server. This contact is meant to give third parties an entry point to issue commands, install threats or gather files. While malware experts have noted that Kaba's current level of distribution is low, this largely reflects the high degree of expertise in its attacks, which target government branches, NGOs and corporate entities. Kaba's normal entry method is via e-mail attachments bearing the file suffixes of spreadsheets or text documents. However, Kaba also may be installed through a compromised website.
Kaba also may use different methods to run its code. Of these methods, perhaps the most infamous is the feature of some Kaba variants to abuse legitimate McAfee-brand anti-virus software, forcing those applications to load fraudulent DLL components of the Trojan (a technique known as DLL side-loading). Separately from its variant designs, Kaba also may include consistent payload capabilities:
- Kaba may receive instructions from a C&C server enabling Kaba to change security settings, including disabling some safety features.
- Kaba may install secondary threats, such as the PoisonIvy RAT.
- Files on a compromised PC may be uploaded by Kaba to its C&C server, ensuring the easy theft of information.
Keeping Your E-mail Clean of Kaba Problems
Although probable targets of Kaba campaigns by Axiom and other third parties are unlikely to be able to prevent e-mail attacks completely, they can take steps to block the installation of Kaba or similar Trojans, such as Fexel. Scanning documents that could carry Kaba-installing exploits gives your anti-malware products a chance to identify the threat. Installing all available updates also can ensure that non-zero-day exploits can't be used to install Kaba, although zero-day attacks may only be identifiable heuristically.
Since Kaba may be installed by related threats, and install other threats as a part of its payload, any attempts to remove Kaba should use methods that can detect related threats, as well. While Kaba has many variants, prominent anti-malware brands also have developed various identification methods for this backdoor Trojan, which should provide the necessary protection when preemptive solutions falter.
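As an added illustration of the document-checking advice above (this is example code, not part of the original page), the following Python script parses a constructed e-mail and flags attachments whose leading bytes disagree with the spreadsheet or document extension they carry, for example a Windows executable named as an .xls file. The signature table, the extension map and the sample message are constructed assumptions, kept deliberately small.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Magic bytes -> coarse content class (constructed, deliberately small)
SIGNATURES = {
    b"MZ": "pe",  # Windows executable or DLL
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",  # legacy .doc/.xls
    b"PK\x03\x04": "zip",  # OOXML .docx/.xlsx are zip containers
}
# Content classes each document extension legitimately maps to (assumption)
EXPECTED = {".xls": {"ole2"}, ".doc": {"ole2"}, ".xlsx": {"zip"},
            ".docx": {"zip"}, ".txt": {"text"}}

def classify(data: bytes) -> str:
    """Return a coarse content class from the leading bytes of a file."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    try:
        data[:512].decode("utf-8")  # plain text if the head decodes cleanly
        return "text"
    except UnicodeDecodeError:
        return "unknown"

def check_attachments(raw: bytes) -> list:
    """Flag attachments whose real content disagrees with their extension."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        kind = classify(part.get_payload(decode=True) or b"")
        if kind == "pe":
            verdict = "executable"  # never legitimate for a "document"
        elif ext in EXPECTED and kind not in EXPECTED[ext]:
            verdict = "mismatch"
        else:
            verdict = "ok"
        findings.append({"name": name, "content": kind, "verdict": verdict})
    return findings

def build_sample() -> bytes:
    """Constructed message: one real OOXML sheet, one PE named as .xls."""
    msg = EmailMessage()
    msg.set_content("Please see attached.")
    msg.add_attachment(b"PK\x03\x04" + b"\x00" * 16, maintype="application",
                       subtype="octet-stream", filename="figures.xlsx")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 16, maintype="application",
                       subtype="octet-stream", filename="budget.xls")
    return msg.as_bytes()
```

Run `check_attachments(build_sample())` to see the second attachment reported as an executable; in practice the signature table would be replaced by a full file-type library and the verdicts fed to quarantine or alerting.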