VIRUS DEFINITION
Virus Type: Spyware, Advanced Persistent Threat
What is Blue Termite?
Blue Termite is a cyberespionage campaign that has been targeting hundreds of organisations in Japan for at least two years. The attackers hunt for confidential information and utilise a zero-day Flash Player exploit and a sophisticated backdoor, which is customised for each victim.
Who are the victims of its attacks?
Kaspersky Lab has been able to identify several hundred victims in Japan.
Targets of Blue Termite attacks include the following sectors:
- Governmental organizations
- Manufacturing
- Financial
- Chemical
- Satellite
- Media
- Medical
- Food
- Education organizations
Am I at risk?
You might be a target for Blue Termite if the following risk factors are relevant to you:
Risk factors:
- If you are in Japan or often travel there and you work for/with an industry targeted by the attackers
- If you regularly visit Japanese websites
- If you use an unpatched Adobe Flash Player
How do I know if I’m infected?
Kaspersky Lab products detect the malware used in the Blue Termite campaign as:
- Backdoor.Win32.Emdivi.*
- Backdoor.Win64.Agent.*
- Exploit.SWF.Agent.*
- HEUR:Backdoor.Win32.Generic
- HEUR:Exploit.SWF.Agent.gen
- HEUR:Trojan.Win32.Generic
- Trojan-Downloader.Win32.Agent.*
- Trojan-Dropper.Win32.Agent.*
How can I protect myself?
To protect against Blue Termite attacks, make sure you follow these basic security best practices:
- Regularly scan your PC with an advanced antimalware solution
- Update all third-party applications, especially Adobe Flash Player
- Do not visit forums that are known to have been hacked