'Old School' Hackers Attack European Governments Using 'MiniDuke' Malware

puddingebola writes "The Guardian reports that hackers have been targeting officials from over 20 European governments with a new piece of malware called 'MiniDuke.' 'The cybersecurity firm Kaspersky Lab, which discovered MiniDuke, said the attackers had servers based in Panama and Turkey – but an examination of the code revealed no further clues about its origin (PDF). Goverments targeted include those of Ireland, Romania, Portugal, Belgium and the Czech Republic. The malware also compromised the computers of a prominent research foundation in Hungary, two thinktanks, and an unnamed healthcare provider in the US.' Eugene Kaspersky says it's an unusual piece of malware because it's reminiscent of attacks from two decades ago. 'I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s. I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyber world.' The computers were corrupted through an Adobe PDF attachment to an email."

emailed pdf, say it ain't so!

[masternerdguy]

"The computers were corrupted through an Adobe PDF attachment to an email." -- It never ends! Why is this still an attack vector? This could have been totally avoided with a little user education and decent network security policy.

Re:

[dgatwood]

This could have been totally avoided with a little user education and decent network security policy.

By which, of course, you mean banning Adobe software and blocking any attempts to download it. It seems like I'm getting Flash Player security updates about once a week [sophos.com]. On the one hand, it's good news that they're finally fixing that steaming pile of bugs, but on the other hand, it makes me wonder how many of those security holes have been secretly exploited for years, and how many of the Flash crashes I'

Re:

[aztracker1]

I remember several years back using a flash tool that allowed reading/writing of arbitrary files on the system, back in Flash3-5 IIRC... Our use was not malicious, and it was before Flash had offline data available... we were only using it to store the active simulation/test being taken, but at that time I disabled flash on every machine outside of work I had access to. Was a colossal security hole.

Adobe's software still has an important use case.

[Medievalist]

If you don't load Adobe software, how will you read the early episodes of Platinum Grit [platinumgrit.com]?

I'll admit there's no other valid use case for any Adobe software, though.

Re:

[EdZ]

Luckily, Shadowline have all but the last volume (20) of Platinum Grit available as regular images [shadowlineonline.com], derived from the print edition layouts.

I'm not sure whether to praise Oglaf for being hilarious, or damn it for putting the nail in the coffin of Platinum Girt.

Re:

[Anonymous Coward]

They would have been protected if they had been using Chromebooks.
Within the next 5 years, probably 75% of the world will move to this safer platform and finally most hacks will be gone.
Only power users will still be using full-on PCs.

Re:

[Anonymous Coward]

Exactly. The Chromebook Renaissance will dwarf the Tonka Big Wheel Renaissance that replaced SUVs as much safer, though somewhat limited, forms of transportation.

PDF attachment

[Anonymous Coward]

Anyone else weary to click the attached PDF?

Re:

[Anonymous Coward]

I'm really starting to grow weary of PDF.

What does 'PDF' stand for anyways? 'Pedo file'?

Re:

[Anonymous Coward]

I'm really starting to grow weary of PDF.

What does 'PDF' stand for anyways? 'Pedo file'?

PDF: Please Don't Fuckup.

Re:

[_4rp4n3t]

I'm really starting to grow weary of PDF.

What does 'PDF' stand for anyways? 'Pedo file'?

PDF: Please Don't Fuckup.

PDF-A: Please Don't Fuckup Again

Re:

[cheater512]

Erm no? I use Linux and open PDFs with Okular.

What? You can't honestly tell me that you are using Acrobat? Even on Windows that's stupid.

Re:

[aztracker1]

Agreed.. I think it's time that Acrobat simply open in read/view only mode.. no scripts, no forms active, unless you click the warning.. similar to what MS did with Word a decade ago... I use Sumatra on windows...

Aging hackers

[Grayhand]

From Hell's retirement home I stab at thee!" Why do I get this picture of some hackers with walkers and false teeth striking out with a couple of old 8088s from their group home?

Get off my lawn

[Anonymous Coward]

Back in my day we were real hackers. We modified the wooden cogs with sinew and hasps! And that is the way we liked it! You young'ns and your Edison machines! Not one bit of brains amongst any of ya!

Re:

[cameloid]

Bu884 H073P

Re:

[trentfoley]

8080A, Z-80, or 6502. When you've been 8-bit hacked, you stay hacked!

You and your new-fangled 16 bit processors. At least use an 8086, or even better, a moto 68k!

And, don't knock false teeth. Where else do you think I have my portable wifi hotspot installed?

Lies of omission

[girlintraining]

The malware also compromised the computers of a prominent research foundation in Hungary, two thinktanks, and an unnamed healthcare provider in the US.

Yes, because anywhere but in the United States, there's no harm in publishing the names of those harmed by malware attacks. I, for one, would be interested in knowing which healthcare provider managed has been infiltrated, since, you know, it could be a life or death kind of thing, unlike research foundations and think tanks.

reminiscent of attacks from two decades ago?

[mcmonkey]

These days, who gets excited over pictures of Anna Kournikova?

Re:

[Virtucon]

As she was then? or now?

Have you seen her lately? She's still hot.

But I guess I'm in the genre that thinks Jennifer Aniston still is hot.

Re:

[Nidi62]

But I guess I'm in the genre that thinks Jennifer Aniston still is hot.

When did Jennifer Anniston supposedly become unhot?

Irony

[Anonymous Coward]

"The computers were corrupted through an Adobe PDF attachment to an email." Links to a PDF describing the attack.

Re:

[s.petry]

I thought the same thing, and reported Kaspersky to Kaspersky as a possible risk!

On the more serious side, it was pretty interesting to see an old school assembly built virus. Takes me back to the good ole days.

open a pdf on ...

[v1]

mac: "The pdf was corrupted and could not be opened. Try downloading again."

mac: "The pdf was corrupted and could not be opened, open in raw text view?"

windows: "This document requires age verification to view. Please verify your internet connection and enter a valid credit card number to proceed."

brain autocorrects previews apparently

[v1]

all typeos will be hidden despite use of preview button, but will become immediately obvious two seconds after clicking POST.

That 2nd line if you coulnd't figure it out, was supposed to start with "linux: " :P

What makes them old school?

[elucido]

I don't understand why hacking through PDF is considered old school. Is the exploit really old?

Re:

[ma1wrbu5tr]

I guess because they used good old fashioned con artistry in the form of a seemingly somewhat successful spearphish. (Say that four times fast , boys and goyls!)

What ever you do - don't mention Microsoft Windows

[dgharmon]

"The malware also compromised the computers of a prominent research foundation in Hungary, two thinktanks, and an unnamed healthcare provider in the US"

Is there some kind of rule on tech sites that you're not allowed to mention Microsoft Windows in relation to Windows malware.

Re:

[trentfoley]

I had lots of fun with that in the early 90's. The first time I used the tool, I created a virus with no payload - just replicating and... accidentally unleashed it on my employers network. Fortunately, being the only admin, I cleaned it up before anyone noticed - not that they would anyway. Still, thanks for the memory. And, my kids would never find such a thing on my computers! They have yet to break my encryption.

first thing I thought of

[inode_buddha]

first thing I thought of when I saw this was, +0rc and Fravia's pages.... wow that takes me back

One decade ago

[Anonymous Coward]

Eugene Kaspersky says it's an unusual piece of malware because it's reminiscent of attacks from two decades ago. 'I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s.

Unless I've been asleep for a very long time, the late 90s/early 00s is one decade ago.

Re:

[PiRXlv]

Late 90s is about 15 years ago. Not sure it can be called two decades, but without a doubt it's more than one decade.