ESET researchers have discovered LightNeuron, a backdoor that affects Microsoft Exchange mail servers. It can read, modify or block any email that passes through the server. It can even write new emails and send them under the guise of a legitimate user chosen by the attacker. The malware hides itself in PDF and JPG documents and uses steganography to present incoming emails as harmless, and in this way it hides itself from mail filters.
An ESET malware researcher said that LightNeuron is the first known malware that misuses the Microsoft Exchange Transport Agent mechanism.
Turla LightNeuron has two main components: a Transport Agent that is registered in the Microsoft Exchange configuration, and a companion 64-bit DLL containing most of the malicious code.
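Because the Transport Agent has to be registered in the Exchange configuration, the registered agents can be audited from the Exchange Management Shell. The following is an added example, not code from ESET or from the original page; the function name `Get-TransportAgentAudit` and the trusted-publisher pattern are assumptions chosen for illustration.

```powershell
# Added example: list every registered Transport Agent and flag any whose
# assembly is missing, unsigned, or not signed by a trusted publisher.
# Run in the Exchange Management Shell on the Exchange server itself, so that
# the assembly paths resolve against the local disk.

function Get-TransportAgentAudit {
    [CmdletBinding()]
    param(
        # Assumption: legitimate agents carry a valid Authenticode signature
        # from a publisher you trust. Extend the list for third-party products.
        [string[]]$TrustedPublisherPattern = @('*Microsoft Corporation*')
    )

    foreach ($agent in Get-TransportAgent) {
        $path   = [string]$agent.AssemblyPath
        $exists = [bool]$path -and (Test-Path -LiteralPath $path)

        $sig     = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }
        $subject = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $sha256  = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { '' }

        # Trusted only if the signature validates AND the signer matches a pattern.
        $trusted = $false
        if ($sig -and $sig.Status -eq 'Valid') {
            foreach ($pattern in $TrustedPublisherPattern) {
                if ($subject -like $pattern) { $trusted = $true }
            }
        }

        [pscustomobject]@{
            Identity        = $agent.Identity
            Enabled         = $agent.Enabled
            Priority        = $agent.Priority
            Factory         = $agent.TransportAgentFactory
            AssemblyPath    = $path
            FileExists      = $exists
            SignatureStatus = if ($sig) { [string]$sig.Status } else { 'NoFile' }
            Signer          = $subject
            SHA256          = $sha256
            NeedsReview     = -not $trusted
        }
    }
}

# Agents that need a manual look come first.
Get-TransportAgentAudit |
    Sort-Object NeedsReview -Descending |
    Format-List Identity, Enabled, Priority, Factory, AssemblyPath, SignatureStatus, Signer, SHA256, NeedsReview
```

Saving the output as a baseline and comparing it after each change window makes a newly registered agent or a changed assembly hash stand out.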
Turla LightNeuron Transport Agent Sample Signatures
Turla LightNeuron Transport Agent Sample Download
Turla LightNeuron Companion DLL Sample Signatures
Turla LightNeuron Companion DLL Sample Download