Rocra malware spies on governments

Powered by SC Magazine
 

Kaspersky details its hunt for "Red October".

Kaspersky Labs has released a report into its discovery of a complex, active malware kit that appears to have beem used over the past five years to spy on diplomatic missions and government agencies around the world.

Named Rocra - which is short for Red October - the malware steals user and network credentials, files, Outlook email storage files as well as messages from POP/IMAP mail servers and data from FTP file servers. The malware also contains modules designed to steal data from Windows Mobile, iPhone and Nokia devices.

Kaspersky used time-stamps on the malware executables to trace its use back to 2007. The researchers said Red October was discovered in October last year and rivals the Flame malware in complexity and ability.

Kaspersky engineers believe the malware targets Eastern European, former USSR countries and Central Asian nations. Western European and and North American countries have also been in the firing line.

At this time, there is no evidence linking Red October to any particular country, but Kaspersky Labs notes the exploits in Red October that target Microsoft Word and Excel seem to have been created by Chinese Hackers and malware modules by Russian-speaking coders.

Red October has been active in attacking trade, research, nuclear power and energy institutions, oil and gas companies as well as aerospace enterprises and the military.

Over sixty domain names were used by the attackers  to control the malware and to collect the data it steals, with Internet Protocol addresses geolocated mostly in Russia and Germany, the report noted. By monitoring some of the attackers' domains, Kaspersky was able to record around 55,000 connections from 250 different IP addresses.

Copyright © iTnews.com.au . All rights reserved.


Rocra malware spies on governments
 
 
 
Top Stories
Microsoft confirms Australian Azure launch
Available from next week.
 
NBN Co names first 140 FTTN sites
National trial extended.
 
Cloud, big data propel bank CISOs into the boardroom
And this time, they are welcome.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  27%
TOTAL VOTES: 264

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  61%
 
No
  39%
TOTAL VOTES: 84

Vote