Tuesday, 15 January 2013
The Kaspersky team has dubbed the newly discovered network Rocra – a shortened name for Red October. They say the network is capable of stealing data from smartphones, dumping network equipment configurations, seizing files from removable disk drives, including those that had been erased, and scanning through email databases and local network FTP servers.
What distinguishes this espionage system from similar ones like Flame and Gauss is that Rocra’s attacks are carefully prepared. Before the attack, the configuration of the victim’s hardware and software, his native language and even his habits of document usage are thoroughly considered.
Information snatched by espionage networks is typically used afterwards to gain access into additional systems, the antivirus experts say.
It is still quite a task to find out the hackers’ location, the Kaspersky team admits, as the “mothership” control server functions through proxies, operating from more than 60 domain names and several server hosting locations in different countries – primarily in Germany and Russia, the experts add.
However, there are some hints that indicate the attackers behind the network might be of Russophone origin, as Russian words have been spotted. Red October has been infecting computers since at least 2007, Kaspersky Lab revealed. The company said the investigation into the malware was performed with support from the US, Romanian and Belarusian Computer Emergency Readiness Teams.
A number of cyber espionage programs have been discovered by Kaspersky Lab over the past few years. One of the most powerful of them – Flame – was first spotted by the Russian anti-virus giant in 2010. For years this data-snatching virus had been attacking hundreds of computers in Iran, before it was finally uncovered.
The first information about another powerful virus, dubbed Gauss, appeared in mid-2012. By that time it had attacked thousands of computers in the Middle East – primarily in Lebanon, but also in Israel and the Palestinian territories – seizing financial transactions and emails and picking passwords to all kinds of pages.
According to Kaspersky Lab’s co-founder and CEO Eugene Kaspersky, global cyber warfare tactics are becoming more sophisticated while also becoming more threatening. Speaking at an International Telecommunication Union Telecom World conference in Dubai, the anti-virus tycoon said, "cyber warfare is in full swing and we expect it to escalate in 2013."
http://english.ruvr.ru/2013_01_15/Flame-Gauss-now-Red-October-another-powerful-spy-virus-found-by-Kaspersky-Lab/
Posted @ 15:45