A sophisticated piece of malware, written in lua, infected government computers in , at least 38 instances, including Russia, Iran, and Rwanda, evading detection for over five years, due to low key, pinpoint attacks.
The malware, called “ProjectSauron” by Kaspersky and “Remsec” by Symantec,is used by a group called “Striker” and has been active since 2011, or longer, acting on the computers of government entities, military operations, research institutions, banks, and telecommunication companies.
The malware,is “plastic” in the sense that it has the ability to avoid leaving repeated patterns that are easily identified , whether this is due to a high degree of mutability or heavy obfuscation is unclear at this time.
“The attackers clearly understand that we as researchers are always looking for patterns,” a Kaspersky report said. “Remove the patterns and the operation will be harder to discover. We are aware of more than 30 organizations attacked, but we are sure that this is just a tiny tip of the iceberg.
”This pattern avoidance is crucial to the malware’s success, and also downright impressive. For example: executables had different names on different machines, all of them designed to look innocuous.
The malware takes on seemingly mundane filenames that users would not find out-of-place,and after most of the attacks ,the hackers remove much of the actual evidence,making it harder to detect the fact the an attack has even taken place…
This malware is very adaptable due to it;s modular nature and is capable of attacking serverside on many different server configurations including apache.
The malware can also be transported on USB drives , and implanted on hard drives via u.s.b port in the same way the stuxnet virus was transported.
According to Kaspersky, the malware is “designed to perform specific functions like stealing documents, recording keystrokes, and hijacking encryption keys from both infected computers and attached USB sticks.”
“What isn’t known is who made this malware.”
No shit sherlock….