by Staff Writers
Moscow (UPI) Jan 17, 2013
Russia's Kaspersky Labs has uncovered the "Red October" computer virus, used for cyberespionage.
Kaspersky Labs said the Red October malware has been trolling the Internet for the past five years, targeting sensitive information from government departments and major companies worldwide in more than a dozen nations.
According to Kaspersky Lab, the ultimate manager of the Red October network is currently unknown, but traces uncovered in the virus source code point to several countries.
Kaspersky Lab first discovered the carefully hidden Red October coding in late 2012, and as the source program was decrypted, the specialists came to believe that the program was designed to infiltrate targeted computers worldwide. Subjects selected for hacking included government organizations, embassies, military installations, financial corporations and research institutes.
The carefully selected targets were the hard drive contents of computers of institutions deemed strategically important, with Red October seeking classified information, scientific research, and military secrets, Golos Rossii radio station reported on Wednesday.
The biggest question facing Kaspersky Lab analysts is who created the cyberweapon. Kaspersky Lab experts have come to the conclusion that the malware was created by a working group of several dozen programmers. Analyzing the more than 60 network addresses to which the purloined data was sent, the analysts found that the bulk of the host servers for the received data are located in Germany and the Russia Federation, concluding further on the code's development that Russian slang used by Russian software developers was found in the malware's source code.
The Red October Trojan malware exploited security vulnerabilities of popular business software, such as Microsoft Office and Adobe products, with one infected computer being sufficient to compromise an organization's entire computer network.
The Red October cyber criminals used phishing methods to target computers, compromising specific users with access to targeted networks via email, with each attack carefully planned with the malware being specifically reprogrammed for each user.
Kaspersky Lab discussed Red October in detail on its website, reporting that "To determine the victims of cyberespionage Kaspersky Lab experts analyzed data from two main sources: a cloud service Kaspersky Security Network (KSN) and sinkhole-servers for monitoring infected machines overlooking the communication with the command servers
KSN statistics helped discover hundreds of unique infected computers, most of which belonged to embassies, consulates, government agencies and research institutes. A significant part of infected systems was found in Eastern Europe. Sinkhole-server data were obtained during the period from 2 November 2012 to 10 January 2013. During this time there were more than 55,000 connections with 250 infected IP-addresses registered in 39 countries. Most connections from infected IP-addresses were recorded in Switzerland, Kazakhstan and Greece."
Perhaps the most ominous aspect of the Kaspersky Lab analysis is that the malware contains a
"recovery module," allowing operators "to 'resurrect' the infected machines. The module is built as a plug-in for Adobe Reader and Microsoft Office, and provides a second attacker access to the system if the main malware was detected and removed or if there was a system update."
Cyberwar - Internet Security News - Systems and Policy Issues
|The content herein, unless otherwise known to be public domain, are Copyright 1995-2014 - Space Media Network. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA Portal Reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. Advertising does not imply endorsement,agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. Privacy Statement|