Tuesday, March 5, 2013
MiniDuke cyber weapon was created in 2011 - BitDefender
report about a new dangerous piece of malicious code, MiniDuke, a variety of the so-called cyber weapons fashionable among IT criminals: an advanced tool for covert data collection and monitoring of target systems.
According to a joint statement by Kaspersky Lab and CrySyS Lab (Laboratory of Cryptography and System Security) at the Budapest University of Technology and Economics, MiniDuke penetrates target systems by exploiting a vulnerability in Adobe Reader, the software for working with PDF files.
Adobe released a patch on February 20 that blocks this infection route for MiniDuke.
However, the Romanian antivirus company BitDefender reports that, according to its information, MiniDuke is not such new code: its roots go back to June 2011, a year and a half before the code became publicly known. And in May 2012, according to system operation logs that BitDefender received from an unnamed client of the company, MiniDuke was already actively infecting computers.
BitDefender says that the two versions of the malicious MiniDuke code differ in some modified details but rely on the same code base and are apparently the work of the same group of people. According to the company, the first version of MiniDuke also attacked a vulnerability in Adobe Reader, which Adobe itself eventually closed (in January, April and August 2012).
BitDefender also said that the original version of MiniDuke has Chinese roots and used the time server Time-server.org for time reporting, with reference to Chinese time zones.
Recall that Kaspersky Lab originally said MiniDuke is a product of Eastern European hackers, possibly from Russia or a CIS country.
According to BitDefender, so-called state hackers, working with the support of public authorities, were likely involved in creating MiniDuke. The Romanian antivirus company also believes that MiniDuke's original targets were NATO resources and possibly several U.S. agencies. In addition, both Kaspersky Lab and BitDefender agree that MiniDuke is a much less complex cyber weapon than Stuxnet or Flame.