Security firm claims Russian government makes malware


German firm G Data Security alleges that newly detected malware known as "Uroburos" was made by the Russian government.

 The German computer security and antivirus detection company G Data Security has alleged that the Russian government is behind the newly detected malware known as "Uroburos."

G Data bases its case for Russian government involvement on the complexity of the malware and the presence of Cyrillic words in the malware sample. G Data blog author "MN" points to file names, encryption keys, and behavior of Uroburos as evidence that the Russian government played a role in the creation of the malware.

Another key component, said MN, is that Uroburos looks for a previous piece of malware that's been tied to Russia, but not conclusively to its government.

"Uroburos checks for the presence of Agent.BTZ and remains inactive if it is installed," said MN. Agent.BTZ is extremely damaging malware linked to a severe attack against the Pentagon in 2008.

Just yesterday, at the TrustyCon conference for trustworthy technology, Mikko Hypponen, the chief technology officer at security firm F-Secure, said there are few governments actively involved in writing and distributing malware.

 "Ten years ago this would've been science fiction," he said. Arguably the most famous example of government-sourced malware is the Stuxnet worm, which targeted a specific kind of software that controls nuclear facilities. The United States and Israel have been implicated in the creation and distribution of Stuxnet.

Uroburos is a rootkit made of two files, "a driver and an encrypted virtual file system," that can "take control of an infected computer, execute arbitrary commands, and hide system activities." The malware is highly dangerous, MN alleges, because its structure is "modular" and "flexible," meaning that new malicious functions can be added to it easily.
 

16 replies

Userlevel 7
Hi Jasper
 
To be honest this does not surprise me at all. The Russians have some of the brightest minds in the world when it comes to IT...and also I think that most of the major countries in the world (and some of the lesser ones too) have recognised that cyber warfare is the up and coming theatre of war that needs to be taken seriously.
 
Some are more interested in defense whilst others consider that attack is the best form of defense.  Either way it is the new battleground.
 
Regards
 
 
Baldrick
Userlevel 7
What would surprise me more is if Governments were not actually involved in cyberwarfare. It has too much going for it to ignore when you consider the amount of damage one person could do to another country while sat behind a desk.
Userlevel 7
What do you mean 'one person'...apparently the Chinese government has covert cyberwarfare universities & colleges churning out the cyber warfare foot soldier...so it won't be one person behind a desk but thousands behind thousands of desks...or so say the conspiracy theorists...but there is no smoke without fire and I am sure that whilst it may not be on the conspiracy theory scale there is certainly serious government sponsored cyber warfare preparation both offensive & defensive.
 
For example this one was in the press recently...and that is just South Korean...who knows what they are up to in the North of the peninsula?
Userlevel 7
We're all doooomed!!! :D
 
It's terrible though, what keeps coming up, on a very regular basis.
 
Userlevel 7
Only if we ever get to the likes of SkyNet, etc...can you imagine a virus with AI capabilities, and no feelings, emotions, guilt, etc.?  Humans of that ilk are bad enough.
 
But having said that we are only facing the same kind of threat as was perceived when gunpowder was first introduced (it was the end of the castle/fortifications made of stone)...humans faced the threat and adapted.
 
What really grates with me is thinking of all the money that is being poured into this sort of thing...and what it could do if used for humanitarian & socially responsible causes? :(
Userlevel 7
"G Data bases its case for Russian government involvement on the complexity of the malware and the presence of Cyrillic words in the malware sample. G Data blog author "MN" points to file names, encryption keys, and behavior of Uroburos as evidence that the Russian government played a role in the creation of the malware. "
 
Strange conclusions) There are enough talented programmers in almost any country. Following this logic, if they found alien characters in the malware code, then aliens would be behind it))
:D
And where the western owners sleep, stole the name Uroburos from the cult game Resident Evil. :D
Userlevel 7
I did not phrase it very well. What I should have said: if one person can create havoc while sat behind a desk, imagine what all the people across the globe in Government departments who are in the espionage game can do.
Userlevel 7
Hi Jasper
 
Apologies...I took you too literally...of course. :$
 
Regards
 
 
Baldrick
Userlevel 7
No need to apologise Baldrick, I should have phrased it better than I did. 😃
Userlevel 7
Not a month goes by without someone accusing country X or country Y of being responsible for a malware attack.:D
As always, we need to be careful about jumping to conclusions.
Although it’s easy to piece together pieces of “evidence” from malware code such as snippets of language, or resources which have been compiled with certain language settings that *isn’t* necessarily proof beyond reasonable doubt that citizens of a particular country were responsible, let alone that the attack has the backing of the country’s government.
At the same time, we would be naive to think that many countries around the world are not taking advantage of malware, vulnerabilities and hacks to spy upon other nations.
Userlevel 7
Sure, Russia sponsors malware creation, but that is no different than most other governments.
 
Cyberwarfare is just getting started! Who knows where this will go, and how much damage can be done by future attacks.
Userlevel 7
Corey, you are so right about that...Russia and China are only highlighted, here in the West (apologies, for the over simplified collective noun...but could not think of a better one :@), because it suits us, in the West, to do so.  But as sure as eggs are eggs the US, UK, most key European countries all have programs either running or starting to cover both defensive AND offensive, i.e., malware creation being one element of that, capabilities.  Israel was blamed as one of the players in the Stuxnet attacks.
 
I am sure that if we were in the East then US, UK, etc. would be highlighted and any reference to China, etc. , would be downplayed.
 
It is just the partisan way of the world.
 
😞
Userlevel 7
You are exactly right! I hate to know what my own government is working on right now, much less any other governments. 
Userlevel 7
Did I really just read a blog post in English from a German security firm suggesting that malware including Cyrillic words must be Russian in origin? 
 
-Dan
 
 
 
Userlevel 7
Yes you did DanP 😃
Userlevel 7
Dan, why are you surprised...journalists will, these days, do anything to sensationalise their copy...especially when the majority of the public will most likely fall for it?
 
Baldrick
