
'Old School' Hackers Attack European Governments Using 'MiniDuke' Malware

Posted by Soulskill
from the you-don't-want-to-go-full-duke dept.
puddingebola writes "The Guardian reports that hackers have been targeting officials from over 20 European governments with a new piece of malware called 'MiniDuke.' 'The cybersecurity firm Kaspersky Lab, which discovered MiniDuke, said the attackers had servers based in Panama and Turkey – but an examination of the code revealed no further clues about its origin (PDF). Governments targeted include those of Ireland, Romania, Portugal, Belgium and the Czech Republic. The malware also compromised the computers of a prominent research foundation in Hungary, two thinktanks, and an unnamed healthcare provider in the US.' Eugene Kaspersky says it's an unusual piece of malware because it's reminiscent of attacks from two decades ago. 'I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s. I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyber world.' The computers were corrupted through an Adobe PDF attachment to an email."
  • "The computers were corrupted through an Adobe PDF attachment to an email." -- It never ends! Why is this still an attack vector? This could have been totally avoided with a little user education and decent network security policy.
    • by dgatwood (11270)

      This could have been totally avoided with a little user education and decent network security policy.

      By which, of course, you mean banning Adobe software and blocking any attempts to download it. It seems like I'm getting Flash Player security updates about once a week [sophos.com]. On the one hand, it's good news that they're finally fixing that steaming pile of bugs, but on the other hand, it makes me wonder how many of those security holes have been secretly exploited for years, and how many of the Flash crashes I'

      • I remember several years back using a flash tool that allowed reading/writing of arbitrary files on the system, back in Flash3-5 IIRC... Our use was not malicious, and it was before Flash had offline data available... we were only using it to store the active simulation/test being taken, but at that time I disabled flash on every machine outside of work I had access to. Was a colossal security hole.
      • If you don't load Adobe software, how will you read the early episodes of Platinum Grit [platinumgrit.com]?

        I'll admit there's no other valid use case for any Adobe software, though.

        • by EdZ (755139)
          Luckily, Shadowline have all but the last volume (20) of Platinum Grit available as regular images [shadowlineonline.com], derived from the print edition layouts.

          I'm not sure whether to praise Oglaf for being hilarious, or damn it for putting the nail in the coffin of Platinum Girt.
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      They would have been protected if they had been using Chromebooks.
      Within the next 5 years, probably 75% of the world will move to this safer platform and finally most hacks will be gone.
      Only power users will still be using full-on PCs.

      • by Anonymous Coward

        Exactly. The Chromebook Renaissance will dwarf the Tonka Big Wheel Renaissance that replaced SUVs as much safer, though somewhat limited, forms of transportation.

  • by Anonymous Coward on Wednesday February 27, 2013 @08:27PM (#43029719)

    Anyone else weary to click the attached PDF?

    • by Anonymous Coward

      I'm really starting to grow weary of PDF.

      What does 'PDF' stand for anyways? 'Pedo file'?

      • Re: (Score:2, Funny)

        by Anonymous Coward

        I'm really starting to grow weary of PDF.

        What does 'PDF' stand for anyways? 'Pedo file'?

        PDF: Please Don't Fuckup.

        • by _4rp4n3t (1617415)

          I'm really starting to grow weary of PDF.

          What does 'PDF' stand for anyways? 'Pedo file'?

          PDF: Please Don't Fuckup.

          PDF-A: Please Don't Fuckup Again

    • Erm no? I use Linux and open PDFs with Okular.

      What? You can't honestly tell me that you are using Acrobat? Even on Windows that's stupid.

      • Agreed.. I think it's time that Acrobat simply open in read/view only mode.. no scripts, no forms active, unless you click the warning.. similar to what MS did with Word a decade ago... I use Sumatra on windows...
  • by Grayhand (2610049) on Wednesday February 27, 2013 @08:34PM (#43029777)
    "From Hell's retirement home I stab at thee!" Why do I get this picture of some hackers with walkers and false teeth striking out with a couple of old 8088s from their group home?
    • by cameloid (120654)

      Bu884 H073P

    • Re: (Score:2, Funny)

      by trentfoley (226635)

      8080A, Z-80, or 6502. When you've been 8-bit hacked, you stay hacked!

      You and your new-fangled 16 bit processors. At least use an 8086, or even better, a moto 68k!

      And, don't knock false teeth. Where else do you think I have my portable wifi hotspot installed?

  • The malware also compromised the computers of a prominent research foundation in Hungary, two thinktanks, and an unnamed healthcare provider in the US.

    Yes, because anywhere but in the United States, there's no harm in publishing the names of those harmed by malware attacks. I, for one, would be interested in knowing which healthcare provider has been infiltrated, since, you know, it could be a life or death kind of thing, unlike research foundations and think tanks.

  • by mcmonkey (96054) on Wednesday February 27, 2013 @08:51PM (#43029905) Homepage

    These days, who gets excited over pictures of Anna Kournikova?

    • by Virtucon (127420)

      As she was then? or now?

      Have you seen her lately? She's still hot.

      But I guess I'm in the genre that thinks Jennifer Aniston still is hot.

      • by Nidi62 (1525137)

        But I guess I'm in the genre that thinks Jennifer Aniston still is hot.

        When did Jennifer Aniston supposedly become unhot?

  • Irony (Score:3, Funny)

    by Anonymous Coward on Wednesday February 27, 2013 @09:02PM (#43030001)

    "The computers were corrupted through an Adobe PDF attachment to an email." Links to a PDF describing the attack.

    • by s.petry (762400)

      I thought the same thing, and reported Kaspersky to Kaspersky as a possible risk!

      On the more serious side, it was pretty interesting to see an old school assembly built virus. Takes me back to the good ole days.

  • by v1 (525388) on Wednesday February 27, 2013 @09:26PM (#43030223) Homepage Journal

    mac: "The pdf was corrupted and could not be opened. Try downloading again."

    mac: "The pdf was corrupted and could not be opened, open in raw text view?"

    windows: "This document requires age verification to view. Please verify your internet connection and enter a valid credit card number to proceed."

    • all typeos will be hidden despite use of preview button, but will become immediately obvious two seconds after clicking POST.

      That 2nd line if you coulnd't figure it out, was supposed to start with "linux: " :P

  • I don't understand why hacking through PDF is considered old school. Is the exploit really old?

    • I guess because they used good old fashioned con artistry in the form of a seemingly somewhat successful spearphish. (Say that four times fast, boys and goyls!)
  • "The malware also compromised the computers of a prominent research foundation in Hungary, two thinktanks, and an unnamed healthcare provider in the US"

    Is there some kind of rule on tech sites that you're not allowed to mention Microsoft Windows in relation to Windows malware?
  • first thing I thought of when I saw this was, +0rc and Fravia's pages.... wow that takes me back

  • One decade ago (Score:4, Insightful)

    by Anonymous Coward on Thursday February 28, 2013 @12:38AM (#43031337)

    Eugene Kaspersky says it's an unusual piece of malware because it's reminiscent of attacks from two decades ago. 'I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s.

    Unless I've been asleep for a very long time, the late 90s/early 00s is one decade ago.

    • by PiRXlv (2853357)
      Late 90s is about 15 years ago. Not sure it can be called two decades, but without a doubt it's more than one decade.
