Older MiniDuke strain found, raises questions about its origins
Posted on 05.03.2013
A version of MiniDuke - the cyberspy malware aimed at governments and agencies in Europe and elsewhere - has been operating for at least 21 months, internet security firm Bitdefender has discovered.


One difference is that the 2012 version fetches time from a clock set to Chinese time; the 2011 version fetches the time from a server of the US Department of the Navy.

The MiniDuke sample just discovered by Bitdefender researchers dates back to at least June 20, 2011, predating the oldest known variant - also discovered by the company - by almost a year. Used to steal intelligence from European governments and various institutes worldwide, the 2011 strain was intended to behave the same as the newer ones.

"The discovery of this older MiniDuke malware strain raises questions about the origin of the 2012 samples and the malware as a whole," said Bitdefender Chief Security Strategist Catalin Cosoi. "The switch from a US Navy clock to a Chinese clock suggests the malware's designers are simply throwing up a smoke cloud as to their identity."

Cosoi said, however, that all versions so far discovered show that MiniDuke was designed for spying. "MiniDuke was clearly designed as a cyber-espionage tool to specifically target key sensitive government data," he said. "This casts a degree of doubt on who designed MiniDuke."

As of today, the newly discovered MiniDuke sample was still seeking encrypted command and control instructions via an active Twitter account, with a single instruction dated February 21st, 2012. The 2011 version does not use Google to search for command and control instructions, but lies dormant if it can't connect to Twitter.

Bitdefender has also released a free removal tool that can detect and remove all variants of MiniDuke, including the one from 2011.




