Rocra malware spies on governments

Powered by SC Magazine
 

Kaspersky details its hunt for "Red October".

Kaspersky Labs has released a report into its discovery of a complex, active malware kit that appears to have beem used over the past five years to spy on diplomatic missions and government agencies around the world.

Named Rocra - which is short for Red October - the malware steals user and network credentials, files, Outlook email storage files as well as messages from POP/IMAP mail servers and data from FTP file servers. The malware also contains modules designed to steal data from Windows Mobile, iPhone and Nokia devices.

Kaspersky used time-stamps on the malware executables to trace its use back to 2007. The researchers said Red October was discovered in October last year and rivals the Flame malware in complexity and ability.

Kaspersky engineers believe the malware targets Eastern European, former USSR countries and Central Asian nations. Western European and and North American countries have also been in the firing line.

At this time, there is no evidence linking Red October to any particular country, but Kaspersky Labs notes the exploits in Red October that target Microsoft Word and Excel seem to have been created by Chinese Hackers and malware modules by Russian-speaking coders.

Red October has been active in attacking trade, research, nuclear power and energy institutions, oil and gas companies as well as aerospace enterprises and the military.

Over sixty domain names were used by the attackers  to control the malware and to collect the data it steals, with Internet Protocol addresses geolocated mostly in Russia and Germany, the report noted. By monitoring some of the attackers' domains, Kaspersky was able to record around 55,000 connections from 250 different IP addresses.

Copyright © iTnews.com.au . All rights reserved.


Rocra malware spies on governments
 
 
 
Top Stories
ATO investigates 25 tech giants in tax hunt
Prepared to take tax evaders to court.
 
Immigration, Customs restructure IT leadership
Customs CIO promoted into transformation role.
 
NBN Co begins FTTB rollout
Will bring service to 6000 apartments.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  36%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  9%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 2960

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 933

Vote