valgeo
A new attack is targeting European governments through flaws in Adobe's Reader software, according to security researchers.
Kaspersky Lab and CrySys Lab today detailed a new malicious program in the wild, called "MiniDuke," that has been attacking government entities and institutions across Europe. Government entities in Ukraine, Portugal, Romania, and other countries have been targeted, according to the researchers.
MiniDuke reaches its victims' computers through PDFs. The malicious hackers -- who Kaspersky believes might have been dormant for some time, because their techniques resemble those used in the late 1990s -- have developed very believable, legitimate-looking PDFs. Once the file is downloaded to a computer, the exploit, which was written in Assembler and is only 20KB in size, takes advantage of unpatched flaws in Reader versions 9, 10, and 11.
Once the downloaded program is running on the computer, it creates a
unique identifier and encrypts any communication it might have with its
creators. It also has mechanisms built in that attempt to fool antivirus
and security professionals into believing it's innocuous.
After all of those checks and safeguards are in place, the software connects to Twitter and looks for tweets from pre-made accounts, according to Kaspersky. Those tweets contain tags with encrypted URLs for backdoors, which can send it commands and deliver further backdoors through GIF files.
The backdoors are especially malicious. Once running on the
computer, they can allow the hackers to access files, move them, remove
them, or make directories.
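A defender-side check for the GIF delivery step described above. This is an added example, not code from the article, Kaspersky, or CrySys, and it rests on an assumption the article does not state: that the backdoor travels as extra bytes appended after the GIF trailer, which keeps the file a valid image while hiding a payload behind it. The code walks the GIF block structure (header, colour tables, extensions, image data) to find where the image really ends, then reports anything that follows. The 1x1 GIF and the appended blob are constructed for the example.

```python
import struct

# Constructed sample: a valid 1x1 GIF89a with one graphic control extension.
CLEAN_GIF = (
    b"GIF89a"                                    # header
    b"\x01\x00\x01\x00\x80\x00\x00"              # logical screen 1x1, global colour table (2 entries)
    b"\x00\x00\x00\xff\xff\xff"                  # global colour table: black, white
    b"\x21\xf9\x04\x00\x00\x00\x00\x00"          # graphic control extension (label 0xF9)
    b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"  # image descriptor, no local colour table
    b"\x02\x02\x44\x01\x00"                      # LZW min code size 2, one data sub-block, terminator
    b"\x3b"                                      # trailer
)
# Constructed stand-in for an appended payload (a real one may be encrypted, so no magic).
APPENDED_BLOB = b"MZ\x90\x00" + b"constructed-fake-payload" * 4
SUSPECT_GIF = CLEAN_GIF + APPENDED_BLOB

EXECUTABLE_MAGICS = {b"MZ": "PE/DOS", b"\x7fELF": "ELF", b"\xcf\xfa\xed\xfe": "Mach-O"}


def _skip_sub_blocks(data, pos):
    """Advance past a chain of length-prefixed sub-blocks ending in a 0 byte."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        size = data[pos]
        pos += 1
        if size == 0:
            return pos
        pos += size


def find_gif_end(data):
    """Return the offset just past the GIF trailer (0x3B), found by parsing, not by searching."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    pos = 6
    _w, _h, flags, _bg, _aspect = struct.unpack_from("<HHBBB", data, pos)
    pos += 7
    if flags & 0x80:  # global colour table: 2^(N+1) entries of 3 bytes
        pos += 3 * (2 << (flags & 0x07))
    while pos < len(data):
        tag = data[pos]
        pos += 1
        if tag == 0x3B:                     # trailer
            return pos
        if tag == 0x2C:                     # image descriptor
            _l, _t, _iw, _ih, iflags = struct.unpack_from("<HHHHB", data, pos)
            pos += 9
            if iflags & 0x80:               # local colour table
                pos += 3 * (2 << (iflags & 0x07))
            pos += 1                        # LZW minimum code size
            pos = _skip_sub_blocks(data, pos)
        elif tag == 0x21:                   # extension block
            pos += 1                        # extension label
            pos = _skip_sub_blocks(data, pos)
        else:
            raise ValueError(f"unexpected block tag 0x{tag:02x} at offset {pos - 1}")
    raise ValueError("no trailer found")


def scan_gif(data):
    """Report how many bytes follow the image and whether they start with a known executable magic."""
    end = find_gif_end(data)
    tail = data[end:]
    magic = next((name for m, name in EXECUTABLE_MAGICS.items() if tail.startswith(m)), None)
    return {"image_end": end, "trailing_bytes": len(tail), "trailing_magic": magic}


if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_GIF), ("suspect", SUSPECT_GIF)):
        print(label, scan_gif(blob))
```

The number of trailing bytes is the useful signal: an appended payload that has been encrypted will show no executable magic, so a non-zero tail on an image fetched from an unexpected host is what merits a closer look. A file that fails to parse at all raises ValueError, which a scanner should treat as suspicious rather than ignore.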
The hackers were exploiting bugs Adobe patched in an update last week; the bugs could cause its programs to crash and allow an attacker to gain control of an infected computer. A week before the update, Adobe acknowledged that the flaws were being exploited in attacks on its software, but didn't provide further details on the nature of those attacks.
However, according to Kaspersky, the attacks are still active and the last MiniDuke update came down on February 20, indicating that the hackers might have found a workaround for the patches.
It's not clear what the hackers are looking to steal, but that they've attacked government entities provides some insight.
CNET has contacted Adobe for comment on the hack. We will update this story when we have more information.
Source : cnet