Poison Ivy and the "Nitro" Attacks

Poison Ivy is the name given to a family of malicious remote administration Trojans first developed in 2005 and still used today for cyberattacks. Because it is remote administration software, an attacker gains full control of a computer once it is infected. The most recently documented large-scale use of the software occurred during the "Nitro" attacks from July 2011 to September 2011, which targeted both chemical and defense companies for industrial espionage (Fisher). Information security firm McAfee said five multinational natural gas and oil companies were successfully targeted by Poison Ivy malware, along with 29 other companies identified by Symantec (Finkle). These organizations lost confidential information to the attackers, including confidential bidding plans (for energy companies) and details about manufacturing processes and formulas (for several chemical companies).

The malware spread primarily through email attachments. The attackers used social engineering, posing as legitimate business partners or touting security updates. Once an employee opened the email attachment, their computer was infected. Once a computer was infected, the attacker could perform a wide range of actions. Poison Ivy uses a client/server architecture that turns infected machines into “servers” that attackers can access from anywhere there is an Internet connection (Prince). Investigations by Symantec and law enforcement revealed that the attacker's actions were different in each case. In addition to having the ability to browse, copy and download documents from an infected computer, the at......
middle of paper ......

......users-rash-110311
Finkle http://www.reuters.com/article/2011/10/31/us-cyberattack-chemicals-idUSTRE79U4K920111031
http://www.f-secure.com/v-descs/backdoor_w32_poisonivy.shtml
Prince http://www.securityweek.com/poison-ivy-kit-enables-easy-malware-customization-attackers
Roberts http://threatpost.com/en_us/blogs/report-hacks-china-shuttered-uk-firm-cost-economy-43-billion-102511
Myers http://www.cyberesi.com/2011/10/11/poison-ivy/
http://www.kaspersky.com/about/news/virus/2010/Kaspersky_Lab_provides_its_insights_on_Stuxnet_worm
Maclean http://www.reuters.com/article/2010/09/24/security-cyber-iran-idUSLDE68N1OI20100924
Aleksandr Matrosov, Senior Virus Researcher; Eugene Rodionov, Rootkit Analyst; David Harley, Senior Researcher; Juraj Malcho, Head of Virus Lab http://go.eset.com/us/resources/white-papers/Stuxnet_Under_the_Microscope.pdf