The Trojan used is called Poison Ivy and makes it possible to remotely control an infected computer. According to information received by Symantec, it appears that the attack was directed from servers in China.
Poison Ivy is also created in China and has been available for download on the internet for some time. Hackers can easily download the Trojan and customize it for their own purposes.
– The Nitro attack was not as sophisticated as Stuxnet, but there were some similarities with other advanced attacks, says Jeff Wilhelm at Symantec.
29 of the 48 companies infected in the attack deal with chemicals and other advanced materials. The remaining 19 companies work in the defense industry.
A dozen of the companies were American and the rest from Great Britain, Italy, Denmark, the Netherlands and Japan. It is not clear how much damage the attack has resulted in.
IDG News