Zero-Day MiniDuke Virus References Dante's Divine Comedy

Hackers released a virus called MiniDuke that attacked 23 government agencies and organizations using advanced malware, and that has used Twitter and Google while managing to slip under the radar.

Kurt Baumgartner, a Kaspersky lab expert, said that the code recalled the days of 29A, a team of hackers whose code was so advanced that computer security experts hoped it would never hit the Internet. "Everybody hoped that their stuff never got out, because they were writing metamorphic, viral engines," Baumgartner told ArsTechnica.

MiniDuke infects computers in three stages. It first "drops its first payload after tricking a victim into opening an authentic-looking PDF document referring to highly relevant topics including human rights, Ukraine's foreign policy, and NATO membership plans," ArsTechnica writes. "Infected machines then use Twitter or Google to retrieve encrypted instructions showing them where to report for additional backdoors. Stages two and three are stashed inside a GIF image file downloaded from the command server."

Both Kaspersky and CrySyS have written reports on MiniDuke, and each has provided a separate set of instructions that would allow experienced researchers to identify and mitigate MiniDuke if found.

What is highly unusual about MiniDuke, if it is in fact an espionage program, is that it is reportedly littered with images of hell, and the code references the number 666, or the Mark of the Beast. It also refers to Dante Alighieri's Divine Comedy. Such sophisticated and successful programs rarely have so much personality — the Stuxnet virus, for instance, which some believe the U.S. and Israel created to stall Iran's nuclear program, contained what researchers believe are references to the Purim queen and the date an Iranian Jewish businessman was executed in Tehran.

MiniDuke is the first known exploit to be able to compromise the security sandbox in Adobe Reader, which has built-in defenses to make such attacks far more difficult. Baumgartner says that the advanced but old assembler techniques, combined with the use of widespread services such as Twitter and Google, are the kind of thing that takes an old-school virus writer to accomplish.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.
