THN-‘MiniDuke’ Malware Utilizes Adobe Exploit


(The Hosting News) – Security firm Kaspersky on Wednesday announced the discovery of a new malware virus taking advantage of a PDF exploit for Adobe Reader.

Called MiniDuke, the malware has hit a number of targets, including the governments of Portugal, Ukraine, the Czech Republic and Romania. Kaspersky Lab CEO Eugene Kaspersky referred to it as a “very unusual cyberattack.”

Kaspersky also noted that the hostile platform relied on an “old school” technique and that its administrators were still active.

“I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s. I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyberworld. These elite, ‘old school’ malware writers were extremely effective in the past at creating highly complex viruses, and are now combining these skills with the newly advanced sandbox-evading exploits to target government entities or research institutions in several countries,” Eugene Kaspersky commented in a press release.

The security company said that MiniDuke relies on a small, 20 KB downloader containing what’s described as a “customized backdoor.”

“When loaded at system boot, the downloader uses a set of mathematical calculations to determine the computer’s unique fingerprint, and in turn uses this data to uniquely encrypt its communications later. It is also programmed to avoid analysis by a hardcoded set of tools in certain environments like VMware. If it finds any of these indicators it will run idle in the environment instead of moving to another stage and exposing more of its functionality by decrypting itself further; this indicates the malware writers know exactly what antivirus and IT security professionals are doing in order to analyze and identify malware,” noted Kaspersky.

The malware also makes use of the social network Twitter: it reads tweets whose tags contain encrypted URLs, which give it access to its command-and-control (C2) servers. GIF files stored on a victim’s hard drive contain the encrypted backdoors.

Kaspersky has been noted for its work in uncovering a number of high-profile viruses, including Flame. Last month, the company detailed ‘Red October,’ an espionage network.

Source: ‘MiniDuke’ Malware Utilizes Adobe Exploit
