Kaspersky unveils NSA's worst malware

Investigators Kaspersky software have discovered a new complex system developed and used by the National Security Agency (NSA).obama nsa

EquationDrug or the Equestre platform uses 116 modules to successfully track computers and steal for the secret information service.

"It's important to note that EquationDrug is not just a trojan, but a complete espionage platform, which includes a framework for conducting espionage activities by developing special modules to work better on the computers of selected victims," ​​its researchers said. Kaspersky.

"The architecture of the whole framework looks like a mini-operating system that has a kernel-mode and user-mode kernel, and its components seem to interact very carefully through a personalized messaging interface."

The platform is part of its ongoing campaign NSA to contaminate it of hard drives. It replaces the older EquationLaser and upgrades to the GrayFish platform.

Most of the unique identifiers and encoded names are tied to encrypted sections and so are unclear. Some modules can be identified with the unique identification number they use. Others again depend on other plugins to function.

Each plugin has a unique ID and a version number that defines all of the features it can offer.

Kaspersky researchers have been able to reveal 30 from the 116 modules that they believe are in NSA's super malware.

“The additives we discovered probably represent only a small fraction of the of the attack," the researchers report.EquationDrug

Units that have been detected so far in the NSA tool include malicious software for:

  • Traffic Traffic Network for theft or re-routing
  • DNS Reverse DNS (DNS PTR records)
  • Computer Management
  • Start procedures / stop
  • Loading and libraries
  • Manage files and directories
  • Collection of system information
  • Running version of the operating system
  • Computer name detection
  • Detect user name
  • Location Detection
  • Keyboard Layout Detection
  • Time zone detection
  • List of Procedures
  • Detect network resources s, enumeration and access to common areas
  • WMI Information Collection
  • Collection of cached passwords
  • Counting processes and other system functions
  • Tracking user activity from web browsers in real time
  • Low-level NTFS file system access based on the popular Sleuthkit framework
  • Monitor removable storage units
  • Passive backdoor network (running Equation shellcode from raw traffic)
  • HDD and SSD firmware manipulation
  • Keylogging and clipboard tracking
  • Browsing history, cached passwords, and auto-fill form data collection.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

driversKasperskymalwareNSAstopGreat

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).