
Mdmbot

Posted: October 31, 2014

Mdmbot is one of the various backdoor Trojans in use by Axiom, a group of Chinese hackers targeting corporations and government entities. Besides hijacking Internet Explorer, Mdmbot also may give third parties effectively full access to an infected PC, install more threats besides itself or disable Windows security features. E-mail and browser security protocols may block Mdmbot's distribution through known channels. After its installation, malware experts recommend removing Mdmbot with anti-malware products best able to detect all of its components and all related threats.

Backdoor Attacks from East to West

The China-based hacker group, Axiom, has a history of extensive and individualized threat campaigns that have gone after targets as prominent as Google and national defense contractors. These attacks have spread from as far east as Japan to as far west as the US, attacking notable European and Asian entities in-between, as well. Most of Axiom's campaigns have centered on the use of backdoor Trojans and backdoor-capable rootkits like Mdmbot, which give them the ability to control compromised PCs through instructions issued from a Command & Control server. While Mdmbot is just one of many Trojans used by Axiom, Mdmbot also is found under many variants, with identification complicated by its many aliases (Naid, APT.9002 and Roarur, for example).

Mdmbot may be installed by exploits buried in disguised e-mail attachments or by compromised websites that host exploits of their own. While Microsoft, Adobe and other relevant companies often are quick to release patches that correct these vulnerabilities, Mdmbot and other Axiom Trojans may install themselves in zero-day attacks. Against such attacks, security patches offer no protection.

Depending on the version of Mdmbot, it may place files onto your hard drive, or inject its code into the memory of other applications' processes. Either way, Mdmbot provides the standard backdoor capabilities its operators expect. These capabilities include letting third parties issue system commands, collect files, gather exploitable system information and install more threatening software. Certain versions of Mdmbot also may hijack the Internet Explorer homepage; in some campaigns, Internet Explorer is also the browser through which Mdmbot is installed.
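The homepage hijack mentioned above is the one behaviour in this list that leaves a cheaply checkable trace. The following PowerShell script is an added example for defenders, not code from the original page or from any Axiom tooling: it reads the standard Internet Explorer start-page values for the current user and reports any that fall outside an allowlist. The allowlist URLs are assumed corporate baselines chosen for illustration; the registry path and value names are the locations IE itself uses for its home page. A changed start page is only a weak signal on its own, so treat a finding as a prompt for a full anti-malware scan rather than as confirmation of Mdmbot.

```powershell
# Added example (not from the original page): audit the Internet Explorer
# start page for the current user against an allowlist of expected values.
# The allowlist below is an assumed baseline for illustration only.

$ExpectedStartPages = @(
    'https://intranet.example.local/',   # assumed corporate baseline URL
    'about:blank'
)

function Get-IEStartPage {
    # IE consults both 'Start Page' and 'Default_Page_URL' under this key.
    $key   = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [PSCustomObject]@{
        StartPage      = $props.'Start Page'
        DefaultPageUrl = $props.'Default_Page_URL'
    }
}

function Test-IEStartPage {
    param([string[]]$Allowed = $ExpectedStartPages)
    $current  = Get-IEStartPage
    $findings = @()
    foreach ($name in 'StartPage', 'DefaultPageUrl') {
        $value = $current.$name
        # An unset value is not a finding; IE falls back to its defaults.
        if ([string]::IsNullOrEmpty($value)) { continue }
        if ($Allowed -notcontains $value) {
            $findings += [PSCustomObject]@{
                Setting = $name
                Value   = $value
                Verdict = 'Not in allowlist - review and run a full scan'
            }
        }
    }
    return $findings
}

$result = @(Test-IEStartPage)
if ($result.Count -eq 0) {
    Write-Output 'IE start page matches the expected baseline.'
} else {
    $result | Format-Table -AutoSize
}
```

Run it under the user account whose browser is in question, since the values live under HKCU; for a fleet-wide check, the same comparison can be driven from a configuration-management or EDR query rather than a local script.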

Keeping Your PC from Being the Latest Axiom of Trojan Insecurity

Mdmbot and other Axiom 'byproducts' don't target the general public but pose a specific threat to national security and infrastructure companies, as well as certain governments throughout the world. Scanning suspect e-mail files and avoiding the use of Internet Explorer may provide some degree of defense from Mdmbot's most well-known distribution exploits. However, Axiom also is known for reinventing its distribution models and backdoor Trojans over time, to the point of updating Mdmbot with significant differences in its structural components.

Backdoor Trojans rarely display overt symptoms, and in that respect Mdmbot does not buck the trend. Malware researchers advise relying on anti-malware scanning technology to identify Mdmbot. However, updated threat databases also are important for guaranteeing the greatest chance of deleting Mdmbot and other equally variant-prone Trojans.
