ISMAgent is a DNS tunneling tool used in attacks against financial, chemical, governmental and energy organizations, especially in the Middle East. ISMAgent has a built-in feature that defines how long it should wait before attempting a new execution of the tool. ISMAgent can share information with its Command and Control server in two different ways: DNS tunneling and HTTP requests.

The transmitted data is transferred in a GUID field, which the Trojan uses both as the commands it should perform on the targeted machine and as its only identifier. The real intention behind attacks like ISMAgent, and their magnitude, are not entirely clear, but one thing is certain: no one will spend money, time and effort creating a threat without malicious intent. Therefore, all we can do is try to prevent being infected by them.


