Welcome to Perspectives. We hope you enjoy your visit.
Researchers crack open unusually advanced malware that hid for 5 years; Espionage platform with more than 50 modules was almost certainly state sponsored.
Topic Started: Aug 9 2016, 05:55 AM (1,501 Views)
Deleted User

Security experts have discovered a malware platform that's so advanced in its design and execution that it could probably have been developed only with the active support of a nation state.

The malware—known alternatively as "ProjectSauron" by researchers from Kaspersky Lab and "Remsec" by their counterparts from Symantec—has been active since at least 2011 and has been discovered on 30 or so targets. Its ability to operate undetected for five years is a testament to its creators, who clearly studied other state-sponsored hacking groups in an attempt to replicate their advances and avoid their mistakes. State-sponsored groups have been responsible for malware like the Stuxnet- or National Security Agency-linked Flame, Duqu, and Regin. Much of ProjectSauron resides solely in computer memory and was written in the form of Binary Large Objects, making it hard to detect using antivirus.

Because of the way the software was written, clues left behind by ProjectSauron in so-called software artifacts are unique to each of its targets. That means that clues collected from one infection don't help researchers uncover new infections. Unlike many malware operations that reuse servers, domain names, or IP addresses for command and control channels, the people behind ProjectSauron chose a different one for almost every target.

http://arstechnica.com/security/2016/08/researchers-crack-open-unusually-advanced-malware-that-hid-for-5-years/
edro14

Thanks for the heads up. This is one sophisticated malware.
mysysail
Global_Hick
Valuable info, indeed. Thanks.
Deleted User

Malwarebytes!
edro14

Malwarebytes didn't discover it either!

And the cure has not been created to locate all the back doors this bug has created.