Russia

Uroburos Spy Malware; From Russia With Love

Mar 05, 2014 By Sharon Solomon

The political tension in between Russia and the USA is mounting and the latest cyberweapon revelation is not going to help calm the relations. German security firm G-Data has exposed Uroburos, a sophisticated and complex rootkit that has been infiltrating US related targets for more than 3 years.

Uroburos has also been analyzed and broken down by the aforementioned German research lab. The source code revealed comments written in Russian, which means that the Russian government is probably behind the espionage software.

Another reason to believe that this is the work of a heavily funded department from Russia is the complexity of the framework. The design is highly professional and the developer team responsible for the toolkit has produced a sophisticated product.

Uroburos consists of two files, a driver and an encrypted virtual file system. Once injected into a system, this rootkit is capable capturing of network traffic, harvesting data and also stealing of files from the contaminated computer. Uroburos works in peer-to-peer mode, meaning that contaminated machines can infect other network computers.

This specific cyberweapon was designed to exploit large institutions, government infrastructures and other high-profile targets. The oldest driver identified was compiled back in 2011, which points at its effectiveness and stealthiness. It’s safe to assume that the Russian espionage agencies have more versions of this malware in the pipeline.

CISOs and InfoSec executives must adopt a proactive approach to counter malicious rootkits that are capable of contaminating entire networks and harvesting sensitive information.

  • Make sure all computers at work are protected by official versions of well-reputed anti-virus products/software and make sure they are always up-to-date.
  • Reports from worker and customers about unusually large amounts of spam emails should be taken seriously. This often is the result of infected and exploited networks.
  • Kernel/Memory Dumping of the infected systems is an effective, albeit complicated way to deal with rootkits. The rootkit can’t obfuscate its actions and is eventually detected.
  • It’s also a good idea to integrate good backup solutions into systems. This simplifies the OS re-installation process, often the last resort in such cases.

Information security has become a tedious job with cyberattacks coming in from all directions and various shapes. Uroburos is a reminder that not all malware and viruses are easy to detect and eradicate. Infosec experts should always have capable anti-rootkit software in their arsenal. Digital espionage is a reality that has to be dealt with smartly.

Source – Uroburos Research Study

The following two tabs change content below.

Sharon Solomon

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.