Last week, researchers at the German security company G Data Software reported on the most complex and sophisticated rootkit malware, Uroburos, which is designed to steal data from secure facilities and has the ability to take control of an infected machine, execute arbitrary commands and hide system activities.
Recently, British cyber specialist BAE disclosed the parent Russian malware campaign, dubbed ‘SNAKE’, which remained almost undetected for at least eight years while penetrating highly secured systems. The Uroburos rootkit was one of the components of this campaign.
In a separate investigation, Western intelligence officers have found another piece of spyware, known as 'Turla', infecting hundreds of government computers across Europe and the United States. Researchers believe that the Turla campaign is linked to a previously known campaign, 'Red October', a massive global cyber spying operation targeting diplomatic, military and nuclear research networks.
"It is sophisticated malware that's linked to other Russian exploits,
uses encryption and targets western governments. It has Russian paw
prints all over it," said Jim Lewis, a former U.S. foreign service officer.
Yesterday, BAE Systems Applied Intelligence unfolded the ‘extent of venomous’ nature of Snake, which uses novel tricks to bypass Windows security, including the ability to hide in the victim's web traffic. It bears all the hallmarks of a highly sophisticated cyber operation, exploiting vulnerabilities with the intervention of the user, and it also has the ability to exploit a privilege escalation vulnerability that enables it to bypass Windows 64-bit security, which is akin to a ‘zero-day’ exploit.
"Its design suggests that attackers possess an arsenal of infiltration tools and bears all the hallmarks of a highly sophisticated cyber operation. Most notable is the trick used by the developers to load unsigned malware in 64-bit Windows machines, by-passing a fundamental element of Windows security," said BAE.
The malware was previously known as Agent.BTZ, which came to the surface in 2008 when US Department of Defense sources claimed that its classified networks had been breached by an early version of the same virus. It has since been developed with many advanced features that make it even more flexible and sophisticated than before, BAE said.
According to BAE Systems Applied Intelligence, the malware campaign has
been seen mostly in Eastern Europe, but also in the US, UK and other
Western European countries. The malware can infiltrate Windows XP,
Vista, 7 and 8-based systems.
"Although there has been some awareness of the Snake malware for some years, until now the full scale of its capabilities could not be revealed, and the threat it presents is clearly something that needs to be taken much more seriously," said Martin Sutherland, BAE Systems' applied intelligence managing director.
“The threat described in this report really does raise the bar in
terms of what potential targets, and the security community in general,
have to do to keep ahead of cyber attackers. As the Snake research
clearly illustrates, the challenge of keeping confidential information
safe will continue for many years to come,” he claimed.