Comfoo

By GoldSparrow in Malware

Comfoo appears to be a malware attack sponsored by China's government. Comfoo is designed to spy on institutions, businesses and governments in the Asia-Pacific region. The use of Comfoo in targeted attacks against high profile targets in the region results in costly consequences and the potential loss of important information. Comfoo was used in an attack carried out against Australian companies in 2010. In that attack, Comfoo was sent out through malicious phishing email messages to various staff members at several Australian businesses. In the 2010 attack, the main malicious component that caught the attention of PC security researchers was a remote access Trojan known as Poison Ivy, and most security news focused on that component. However, another component in the attack, Comfoo, should have received more attention for its involvement in that high profile attack.

Recently, malware analysts have observed that Comfoo was used in an attack involving a backdoor Trojan similar to Poison Ivy, carried out by a criminal group that various security researchers have begun to refer to as the 'Beijing Group'. This group of hackers is considered a severe threat to computers around the world. Instead of using generalized attacks like other, less dangerous malware campaigns, groups of this type focus on carrying out high profile attacks on important targets. The goal of attacks involving Comfoo is to hunt down valuable intellectual property and then infiltrate high level corporate networks silently, without alerting the target to the presence of the attacker. The 'Beijing Group' seems to be involved in a very high percentage of high profile attacks on corporate and government targets in the Asia-Pacific region.

Comfoo is a RAT, or Remote Access Trojan. One of the most dangerous aspects of Comfoo is that it has maintained a low profile and was not widely known until recently. There are hundreds of variants of Comfoo, each customized to attack a specific target. Malware researchers suspect that infected computers in companies all around the world have been infiltrated and have relayed data back to Comfoo's Command and Control servers. The presence of Comfoo on a computer or network can be detected through several markers in network traffic and system configuration. Ensuring that all security programs are properly updated and knowing how to avoid social engineering scams are the best ways to prevent Comfoo attacks.
