
Massive espionage malware targeting governments: 12 African countries affected

Kaspersky Lab experts have just released a report about a massive espionage malware campaign targeting governments around the world, with 12 African countries affected. The most affected country in Africa is Uganda.

According to the report, the large-scale cyber-espionage campaign has been active since 2007 and is still active at the time of writing (January 2013). Its main purpose is to gather classified information and geopolitical intelligence. It targets the computers of international diplomatic service agencies and governments. The most affected countries are in Eastern Europe, former USSR members and Central Asia, but victims were also found in Western Europe and North America.

Kaspersky experts were not able to identify the people or organizations responsible for the project.

Within the last three years, three pieces of espionage malware targeting governments have been discovered. First, "Stuxnet", which targeted Iran. Then "Flame", which targeted Middle Eastern countries in general. And now "Red October", which has a massive global reach.

The main activities or tasks of the malware on affected computers and networks, as reported by Kaspersky, are:

Examples of "persistent" tasks

- Once a USB drive is connected, search and extract files by mask/format, including deleted files. Deleted files are restored using a built-in file system parser.
- Wait for an iPhone or a Nokia phone to be connected. Once connected, retrieve information about the phone, its phone book, contact list, call history, calendar, SMS messages and browsing history.
- Wait for a Windows Mobile phone to be connected. Once connected, infect the phone with a mobile version of the Rocra main component.
- Wait for a specially crafted Microsoft Office or PDF document and execute a malicious payload embedded in that document, implementing a one-way covert channel of communication that can be used to restore control of the infected machine.
- Record all keystrokes and take screenshots.
- Execute additional encrypted modules according to a pre-defined schedule.
- Retrieve e-mail messages and attachments from Microsoft Outlook and from reachable mail servers using previously obtained credentials.

Examples of "one-time" tasks

- Collect general software and hardware environment information.
- Collect filesystem and network share information, build directory listings, and search for and retrieve files by mask provided by the C&C server.
- Collect information about installed software, most notably Oracle DB, RAdmin, IM software including Mail.Ru agent, and drivers and software for Windows Mobile, Nokia, SonyEricsson, HTC and Android phones and USB drives.
- Extract browsing history from Chrome, Firefox, Internet Explorer and Opera.
- Extract saved passwords for web sites, FTP servers, mail and IM accounts.
- Extract Windows account hashes, most likely for offline cracking.
- Extract Outlook account information.
- Determine the external IP address of the infected machine.
- Download files from FTP servers that are reachable from the infected machine (including those connected to its local network) using previously obtained credentials.
- Write and/or execute arbitrary code provided within the task.
- Perform a network scan and dump configuration data from Cisco devices if available.
- Perform a network scan within a predefined range and replicate to vulnerable machines using the MS08-067 vulnerability.
- Replicate via the network using previously obtained administrative credentials.

The digital attack and colonization of digitally weak countries have just begun.

Credit: SiliconAfrica