Information Security News mailing list archives

Why Red October malware is the Swiss Army knife of espionage
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 18 Jan 2013 08:52:08 -0600 (CST)

http://arstechnica.com/security/2013/01/why-red-october-malware-is-the-swiss-army-knife-of-espionage/

By Dan Goodin
Ars Technica
Jan 17 2013

The Red October malware that infected hundreds of computer networks in diplomatic, governmental, and scientific research organizations around the world was one of the most advanced espionage platforms ever discovered, researchers with antivirus provider Kaspersky Lab have concluded.

Its operators had more than 1,000 modules at their disposal, allowing them to craft highly advanced infections that were tailored to the unique configurations of infected machines and the profiles of those who used them. Most of the tasks the components carried out—including extracting e-mail passwords and cryptographically hashed account credentials, downloading files from available FTP servers, and collecting browsing history from Chrome, Firefox, Internet Explorer, and Opera—were one-time events. They relied on dynamic link library code that was received from an attacker server, executed in memory, and then immediately discarded. That plan of attack helps explain why the malware remained undetected by antivirus programs for more than five years.

The malware was also capable of using more traditional Windows EXE files to carry out persistent tasks when necessary. One example was modules that waited for an iPhone, Nokia smartphone, or USB drive to be connected to an infected computer. There were also extensions for the Microsoft Word and Adobe Reader programs that watched for specially crafted documents. When they arrived in e-mail, the modules immediately reinstalled the main malware component, ensuring attackers could regain control of a machine in the event that it had been partially disinfected.

The details are contained in 140 pages of technical analysis that concludes Red October dwarfs most other advanced espionage operations, including the Aurora campaign that targeted Google and three dozen other companies three years ago, or the Night Dragon attacks that penetrated energy companies in 2011. The breathtaking breadth of the malware comes into sharp focus, thanks to the unprecedented level of technical detail.

[...]
