The Inquirer-Home

Kaspersky uncovers malicious government spy program, Miniduke

Has been used globally in attacks using PDF documents over the past week
Thu Feb 28 2013, 14:17
Kaspersky Lab logo

SECURITY COMPANY Kaspersky has discovered a malicious spy program dubbed Miniduke that the firm claims has been used to attack governments and institutions across the world during the past week.

According to Kaspersky's analysis, MiniDuke is a fresh bit of espionage software designed for spying on, and has compromised, a number of high profile targets including research institutes and healthcare providers in the United States as well as government units in Belgium, Ireland, Portugal, Romania, Ukraine and the Czech Republic.

Kaspersky found the spy program and, along with security research firm Crysys Lab, analysed the findings and published them in "The MiniDuke Mystery" report.

"MiniDuke's highly customised backdoor was written in Assembler and is very small in size, being only 20KB," Kaspersky's report said.

The security firm claims the the style of the Miniduke spy programme is similar to those seen in the end of the 1990s and the beginning of the 2000s.

"I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyberworld," the firm's founder and CEO Eugene Kasperky said.

"These elite, 'old school' malware writers were extremely effective in the past at creating highly complex viruses, and are now combining these skills with the newly advanced sandbox evading exploits to target government entities or research institutions in several countries."

Kaspersky warned that the combination of experienced old school malware writers using newly discovered exploits is "extremely dangerous".

To compromise victims, the attackers used social engineering techniques, which involved sending malicious PDF documents to their targets.

"The PDFs were highly relevant, with well-crafted content that fabricated human rights seminar information (ASEM) and Ukraine's foreign policy and NATO membership plans," the report said. "These malicious PDF files were rigged with exploits attacking Adobe Reader versions 9, 10, and 11, bypassing its sandbox."

A toolkit was used to create these exploits, which Kaspersky said appeared be the same toolkit that was used in the recent zero day attack seen in Java and reported by FireEye. However, the exploits used in the MiniDuke attacks were for different purposes and had their own customised malware, Kaspersky said. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015