Sophisticated Russian Malware 'SNAKE' and 'Turla' targets Governments and Military Networks

Last week, researchers at the German security company G Data Software reported on a highly complex and sophisticated rootkit, Uroburos, which is designed to steal data from secure facilities and can take control of an infected machine, execute arbitrary commands and hide its activity on the system.
This week, British defence contractor BAE Systems disclosed the parent Russian malware campaign, dubbed 'SNAKE', which remained almost undetected for at least eight years while penetrating highly secured systems. The Uroburos rootkit is one component of this campaign.

In a separate investigation, Western intelligence officers found another piece of spyware, known as 'Turla', infecting hundreds of government computers across Europe and the United States. Researchers believe the Turla campaign is linked to the previously known 'Red October' campaign, a massive global cyber-espionage operation targeting diplomatic, military and nuclear research networks.
"It is sophisticated malware that's linked to other Russian exploits, uses encryption and targets western governments. It has Russian paw prints all over it," said Jim Lewis, a former U.S. foreign service officer.
Yesterday, BAE Systems Applied Intelligence described the full extent of Snake's capabilities. The malware uses novel tricks to bypass Windows security, including hiding its communications in the victim's web traffic, and bears all the hallmarks of a highly sophisticated cyber operation: it exploits vulnerabilities with the intervention of the user, and it can also exploit a privilege-escalation vulnerability to bypass the protection that stops 64-bit Windows from loading unsigned code, in a manner similar to a 'zero-day' exploit.
"Its design suggests that attackers possess an arsenal of infiltration tools and bears all the hallmarks of a highly sophisticated cyber operation. Most notable is the trick used by the developers to load unsigned malware in 64-bit Windows machines, by-passing a fundamental element of Windows security," said BAE.
The malware was previously known as Agent.BTZ, which surfaced in 2008 when US Department of Defense sources claimed that its classified networks had been breached by an early version of the same virus. It has since gained many advanced features that make it even more flexible and sophisticated than before, BAE said.
According to BAE Systems Applied Intelligence, the malware campaign has been seen mostly in Eastern Europe, but also in the US, UK and other Western European countries. The malware can infiltrate Windows XP, Vista, 7 and 8-based systems.
"Although there has been some awareness of the Snake malware for some years, until now the full scale of its capabilities could not be revealed, and the threat it presents is clearly something that needs to be taken much more seriously," said Martin Sutherland, BAE Systems' applied intelligence managing director.
"The threat described in this report really does raise the bar in terms of what potential targets, and the security community in general, have to do to keep ahead of cyber attackers. As the Snake research clearly illustrates, the challenge of keeping confidential information safe will continue for many years to come," he claimed.