Trojan.Hydraq – Typhoon In A Teacup

If you have been following this series on Trojan.Hydraq over the last week you may have noticed that the blog entries have been well, boring. Because of its profile in the media and varying assessments of the threat posed by and the complexity of Trojan.Hydraq we decided to present the facts of the threat.
Threats make their way into mainstream media for various reasons. Sometimes it’s the effectiveness of a threat or the elegance associated with a particular approach taken by a piece of malware. Some use near impenetrable packers to make analysis extremely difficult and some have novel approaches to make the malware more robust and harder to take down.
2010 saw Trojan.Hydraq hit the media. This incident was dubbed “Operation Aurora”. In case there is still any confusion at this stage, the malware used in the Aurora attack is Trojan.Hydraq.
Trojan.Hydraq has been hailed as unique and also as the most sophisticated malware ever seen in the commercial space. This is being a little economical with the truth. The previous entries in the series contrast the features of Hydraq against other more advanced malware that has been around for some time. The vector of delivery, method in which the threat stays resident, techniques used to prevent analysis, the payload, and the possible motivation are all things that have been seen and utilized in (continue reading...)