
Kaspersky Discovers Stealth Virus "Red October"

Source: Kaspersky | 23 comments

Security software firm Kaspersky has unveiled details about a stealth virus that has been deployed since at least May 2007 and has served as an espionage tool.

Called "Rocra", short for "Red October", a reference to the silent submarine at the center of Tom Clancy's 1984 novel "The Hunt for Red October", the malware is the front line of an espionage operation that targeted government, research, nuclear energy, military, aerospace, oil and gas, and trade and commerce institutions, primarily in countries of the former Soviet Union, Eastern Europe and Central Asia.

Kaspersky, which said it found the first evidence of the existence of Red October and compares its complexity and sophistication with the Flame malware, identified more than "60 domain names and several server hosting locations in different countries (mainly Germany and Russia)" as its command and control infrastructure, which is set up as "a chain of servers working as proxies and hiding the location of the true 'mothership' command and control server".

According to the security researchers, Red October attacks not only PCs but also smartphones, including the iPhone, Nokia-branded phones and Windows Mobile devices. It can dump Cisco enterprise network equipment configurations, hijack files from removable disk drives (including deleted files, via its own data recovery capability), steal e-mail databases from local Outlook storage or a remote POP/IMAP server, and pull files from local network FTP servers. The software appears to rely mainly on the exploitation of three Microsoft vulnerabilities: CVE-2009-3129 (Excel), CVE-2010-3333 (Word) and CVE-2012-0158 (Word).

Kaspersky did not say how many computers may be infected by Red October, but mentioned that it found the most infected systems in Russia (35), followed by Kazakhstan (21), Azerbaijan (15), Belgium (15) and India (15). Six infected systems were found in the U.S. The company said that the exploits used by Red October were most likely developed by Chinese hackers, while the malware modules appear to have been created by Russian hackers.


Comments
  • 27
    The Greater Good, January 16, 2013 1:50 PM
    Give me a ping, Vasili. One ping only, please.
  • 1
    Parsian, January 16, 2013 1:50 PM
    So Flame was so sophisticated it must have required government agency funding, and if this is as sophisticated, why couldn't it be a government agency product?

    Either way, this stuff is fascinating despite its destructive nature and intent.
  • 21
    mavroxur, January 16, 2013 1:55 PM
    Quote (The Greater Good): Give me a ping, Vasili. One ping only, please.

    Everyone knows that they read this in Sean Connery's voice.
  • 3
    stingstang, January 16, 2013 2:02 PM
    And my Chief of Staff just came in saying how important drones are to the future of warfare. Should have asked about this, though. Why is so much focus going in to drones when we still have such a huge vulnerability in the cyberspace sector?
  • 7
    groundrat, January 16, 2013 2:17 PM
    Drones are ops. Ops is boots on the ground, and that is very important. We ARE doing the cyber thing, but unless you have the clearance and the need to know, you won't. Suffice it to say, if you're only hearing about what the Chinese teams are doing, the US DOD is doing its job well.
  • -7
    Pherule, January 16, 2013 2:22 PM
    Crackers is the correct term, not hackers.
  • 9
    spartanmk2, January 16, 2013 2:38 PM
    Ryan, shome things in here don't react too well to bulletss
  • -9
    DRosencraft, January 16, 2013 2:38 PM
    Quote (stingstang): And my Chief of Staff just came in saying how important drones are to the future of warfare. Should have asked about this, though. Why is so much focus going in to drones when we still have such a huge vulnerability in the cyberspace sector?

    Unfortunately any time a mention is even made about trying to drill down on crackers, it gets washed in with discussion on hackers, and you get a flare up from sectors of the free-internet crowd not unlike the flare up from sectors of the NRA crowd every time the words "gun control" are mentioned.
  • -1
    TeraMedia, January 16, 2013 2:43 PM
    Anyone notice that a lot of the infection focus was on diplomatic / embassy equipment or "unknown victims"? In the US, it was all dipl/embassy. In Brazil, Chile, and Australia, it was all "unknown victims". Whereas in Russia it hit military, research, and nuclear in addition to diplomatic.

    Either this is a KGB program looking for moles, or else this would seem to point to an origin in the Western world somewhere.
  • 0
    jisamaniac, January 16, 2013 2:45 PM
    Quote (mavroxur): Everyone knows that they read this in Sean Connery's voice.

    I thought this was from the Princess Bride, so I read in the Giant's voice...
  • 6
    f-14, January 16, 2013 2:55 PM
    Quote (DRosencraft): Unfortunately any time a mention is even made about trying to drill down on crackers, it gets washed in with discussion on hackers, and you get a flare up from sectors of the free-internet crowd not unlike the flare up from sectors of the NRA crowd every time the words "gun control" are mentioned.

    What part of 'shall not be infringed' do you not understand?
  • -5
    DRosencraft, January 16, 2013 3:36 PM
    Quote (f-14): What part of 'shall not be infringed' do you not understand?


    And there goes my point. All I did was mention the prospect of laws against crackers or more powers to pursue such people, who unless I'm mistaken are considered criminals, and I get down-voted and the stale, uninformed, Constitution argument. Here's a news flash - not every law that proposes commonsense steps to combat a problem is an assault on an individual's rights. The world isn't black/white. It's complex. With rights come responsibilities. But so long as we can't even discuss the matter without ridiculous diving into ideological corners, nothing changes.
  • -2
    susyque747, January 16, 2013 4:02 PM
    Reason # 253 why not to use Windows and use Linux.
  • 0
    Nimmist, January 16, 2013 4:04 PM
    Quote (DRosencraft): All I did was mention the prospect of laws against crackers or more powers to pursue such people, who unless I'm mistaken are considered criminals,

    If they are already criminals then they are already breaking the law and no new laws need to be made. How about enforcing existing laws?
  • -1
    DRosencraft, January 16, 2013 4:15 PM
    Quote (Nimmist): If they are already criminals then they are already breaking the law and no new laws need to be made. How about enforcing existing laws?

    The way laws are written is that they address a problem first and execution second. In other words, you can have something be illegal, but not include in the law any guidelines on how it's supposed to be executed, or what limits on prosecution exist. The idea of this process is so that the executive goes back, drafts rules, and those rules are later passed into law. The issue with cyber security is that what very little law is on the books lacks the executive definition as passed by subsequent law. People hear about Congress passing a law and think that's it. They fail to understand the way laws are implemented, and that most laws are initially vague until later refinement is applied. Few laws are like Healthcare Reform, or tax law. The Executive asks for laws in a given direction, Congress passes a law in that direction, it's signed into law, executive level authorities draft rules and establish requisite powers, and Congress goes back and passes applicable new laws to satisfy the power to fully enact the law. As I said in my previous posts, the initial laws pass setting up what is a crime, but no enforcement power is given to applicable institutions because each time talk about it starts people get in a huff about even talking about it.
  • 0
    memadmax, January 16, 2013 4:15 PM
    Most things in here don't react too well to bullets...
  • 1
    Nimmist, January 16, 2013 4:17 PM
    Actually, a country’s laws stop at its border. From the article, Chinese and Russians were involved with this particular virus so unless you’re from China or Russia, any law you come up with would be meaningless. You would have to have your government go after their government and their government would have to decide whether or not to do anything about it.
  • 3
    Nimmist, January 16, 2013 4:34 PM
    Quote (DRosencraft): The way laws are written is that they address a problem first and execution second...


    “We need to pass the bill so we can know what’s in it” has not worked out well. Neither has passing vague laws, nor laws that are impossible to enforce, nor simply throwing one law after another out there until everyone is a criminal just for existing. Our law makers, at all levels, are failing us and need to spend more time reviewing bills before passing them as law. Just reading the bills before voting on them would be a good start.

  • 13
    kanoobie, January 16, 2013 4:36 PM
    In Soviet Russia, Red October hunts for you.
  • 4
    Usersname, January 16, 2013 6:07 PM
    I see Britain has been relegated to Third World status. Nothing there worth hacking in to or observing.