Last week, researchers from the German security company G Data Software reported for the first time on Uroburos, a very complex and sophisticated malware rootkit that is designed to steal data from secure installations and can take control of an infected machine, execute arbitrary commands and hide its activities from the system owner.
Recently, British cyber experts from BAE Systems revealed the Russian malware dubbed 'SNAKE', which remained virtually undetected for at least eight years while penetrating a large number of secured systems. The Uroburos rootkit was one of the components of this malware.
In separate research, Western intelligence officials discovered another piece of spyware, known as "Turla", which has infected hundreds of government computers across Europe and the United States. Researchers believed that Turla was directly linked to an earlier malicious campaign known as "Red October", a huge global cyber-espionage operation aimed at diplomatic, military, nuclear and research networks.
"It's an advanced malware that is connected to other Russian exploits, uses encryption and targets Western governments. It has Russian traces all over it," said Jim Lewis, a former US State Service official.
Yesterday, BAE Systems Applied Intelligence analyzed the extent of the "poisonous" character of Snake, which uses new tricks to overcome Windows security, including the ability to hide the victim's web traffic. The malware bears all the hallmarks of an extremely advanced cyber operation: it exploits vulnerabilities that depend on user mistakes, and it can also exploit a privilege escalation vulnerability that allows it to bypass 64-bit Windows security, a vulnerability very similar to a well-known "zero-day" exploit.
"Its design shows that the attackers have an arsenal of penetration tools and have all the characteristics of a highly advanced project in cyberspace. The most notable is the trick used by developers to load unsigned malware into 64-bit Windows systems, bypassing essential elements of Windows security," BAE said.
The malware, formerly known as Agent.BTZ, was discovered in 2008, when employees of the US Department of Defense claimed that their classified networks had been breached by an early version of the same virus. Since then it has been developed further, and many advanced features have been added that make it even more versatile and sophisticated than before, BAE reports.
According to BAE Systems Applied Intelligence, the malware is active mainly in Eastern Europe, but also in the US, the UK and other Western European countries. It can penetrate systems running Windows XP, Vista, 7, and 8.
"Although there has been some awareness of SNAKE malware for a number of years, so far we have not been able to reveal its full potential, and the threat presented to us is clearly something that should be taken much more seriously," said Martin Sutherland, CEO of BAE Systems.
This story was published at The Hacker News.