'Old School' Hackers Attack European Governments Using 'MiniDuke' Malware

puddingebola writes "The Guardian reports that hackers have been targeting officials from over 20 European governments with a new piece of malware called 'MiniDuke.' 'The cybersecurity firm Kaspersky Lab, which discovered MiniDuke, said the attackers had servers based in Panama and Turkey – but an examination of the code revealed no further clues about its origin (PDF). Goverments targeted include those of Ireland, Romania, Portugal, Belgium and the Czech Republic. The malware also compromised the computers of a prominent research foundation in Hungary, two thinktanks, and an unnamed healthcare provider in the US.' Eugene Kaspersky says it's an unusual piece of malware because it's reminiscent of attacks from two decades ago. 'I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s. I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyber world.' The computers were corrupted through an Adobe PDF attachment to an email."

emailed pdf, say it ain't so!

[masternerdguy]

"The computers were corrupted through an Adobe PDF attachment to an email." -- It never ends! Why is this still an attack vector? This could have been totally avoided with a little user education and decent network security policy.

Re:emailed pdf, say it ain't so!

Or adobe sucking less?

Re:emailed pdf, say it ain't so!

[dgatwood]

This could have been totally avoided with a little user education and decent network security policy.

By which, of course, you mean banning Adobe software and blocking any attempts to download it. It seems like I'm getting Flash Player security updates about once a week. On the one hand, it's good news that they're finally fixing that steaming pile of bugs, but on the other hand, it makes me wonder how many of those security holes have been secretly exploited for years, and how many of the Flash crashes I've seen over the years would have been successful attacks on some specific version of some specific OS.

Re:emailed pdf, say it ain't so!

[aztracker1]

I remember several years back using a flash tool that allowed reading/writing of arbitrary files on the system, back in Flash3-5 IIRC... Our use was not malicious, and it was before Flash had offline data available... we were only using it to store the active simulation/test being taken, but at that time I disabled flash on every machine outside of work I had access to. Was a colossal security hole.

Re:emailed pdf, say it ain't so!

They would have been protected if they had been using Chromebooks.
Within the next 5 years, probably 75% of the world will move to this safer platform and finally most hacks will be gone.
Only power users will still be using full-on PCs.

Re:emailed pdf, say it ain't so!

Exactly. The Chromebook Renaissance will dwarf the Tonka Big Wheel Renaissance that replaced SUVs as much safer, though somewhat limited, forms of transportation.

Re:emailed pdf, say it ain't so!

LOL Tonka ftw XD

PDF attachment

Anyone else weary to click the attached PDF?

Re:PDF attachment

I'm really starting to grow weary of PDF.

What does 'PDF' stand for anyways? 'Pedo file'?

Re:PDF attachment

[cheater512]

Erm no? I use Linux and open PDFs with Okular.

What? You can't honestly tell me that you are using Acrobat? Even on Windows that's stupid.

Re:PDF attachment

I'm really starting to grow weary of PDF.

What does 'PDF' stand for anyways? 'Pedo file'?

PDF: Please Don't Fuckup.

Re:PDF attachment

[aztracker1]

Agreed.. I think it's time that Acrobat simply open in read/view only mode.. no scripts, no forms active, unless you click the warning.. similar to what MS did with Word a decade ago... I use Sumatra on windows...

Re:PDF attachment

[_4rp4n3t]

I'm really starting to grow weary of PDF.

What does 'PDF' stand for anyways? 'Pedo file'?

PDF: Please Don't Fuckup.

PDF-A: Please Don't Fuckup Again

Re:PDF attachment

At work there isn't really much choice. If someone sends me a PDF i'll click it. It's up to the IT department to cry me a river about it. They can cry while they try to fix the damages.

Aging hackers

[Grayhand]

From Hell's retirement home I stab at thee!" Why do I get this picture of some hackers with walkers and false teeth striking out with a couple of old 8088s from their group home?

Re:Aging hackers

True hackers would build their machine out of TTL logic. ( or ECL )

Kids these days.

Re:Aging hackers

[cameloid]

Bu884 H073P

Re:Aging hackers

[trentfoley]

8080A, Z-80, or 6502. When you've been 8-bit hacked, you stay hacked!

You and your new-fangled 16 bit processors. At least use an 8086, or even better, a moto 68k!

And, don't knock false teeth. Where else do you think I have my portable wifi hotspot installed?

Re:Aging hackers

Try http://www.oldskool.org/pc/ or http://www.fairlight.to/ ;-)

Lies of omission

[girlintraining]

The malware also compromised the computers of a prominent research foundation in Hungary, two thinktanks, and an unnamed healthcare provider in the US.

Yes, because anywhere but in the United States, there's no harm in publishing the names of those harmed by malware attacks. I, for one, would be interested in knowing which healthcare provider managed has been infiltrated, since, you know, it could be a life or death kind of thing, unlike research foundations and think tanks.

reminiscent of attacks from two decades ago?

[mcmonkey]

These days, who gets excited over pictures of Anna Kournikova?

Re:reminiscent of attacks from two decades ago?

[Virtucon]

As she was then? or now?

Have you seen her lately? She's still hot.

But I guess I'm in the genre that thinks Jennifer Aniston still is hot.

Re:reminiscent of attacks from two decades ago?

[Nidi62]

But I guess I'm in the genre that thinks Jennifer Aniston still is hot.

When did Jennifer Anniston supposedly become unhot?

Re:reminiscent of attacks from two decades ago?

Ever.

Re:reminiscent of attacks from two decades ago?

Why the hell to people say she's hot?
She's pretty plain looking. Nothing hot there IMHO.

Re:reminiscent of attacks from two decades ago?

Perhaps that's the draw. I don't know. I think she looks hot, and will continue to do so. Even when she's 85 she's still going to be hot.

Get off my lawn

Back in my day we were real hackers. We modified the wooden cogs with sinew and hasps! And that is the way we liked it! You young'ns and your Edison machines! Not one bit of brains amongst any of ya!

Irony

"The computers were corrupted through an Adobe PDF attachment to an email." Links to a PDF describing the attack.

Re:Irony

[s.petry]

I thought the same thing, and reported Kaspersky to Kaspersky as a possible risk!

On the more serious side, it was pretty interesting to see an old school assembly built virus. Takes me back to the good ole days.

open a pdf on ...

[v1]

mac: "The pdf was corrupted and could not be opened. Try downloading again."

mac: "The pdf was corrupted and could not be opened, open in raw text view?"

windows: "This document requires age verification to view. Please verify your internet connection and enter a valid credit card number to proceed."

brain autocorrects previews apparently

[v1]

all typeos will be hidden despite use of preview button, but will become immediately obvious two seconds after clicking POST.

That 2nd line if you coulnd't figure it out, was supposed to start with "linux: " :P

What makes them old school?

[elucido]

I don't understand why hacking through PDF is considered old school. Is the exploit really old?

Re:What makes them old school?

They used assembly code.Popular in the 90's due to its small size.
IMO

Re:What makes them old school?

[ma1wrbu5tr]

I guess because they used good old fashioned con artistry in the form of a seemingly somewhat successful spearphish. (Say that four times fast , boys and goyls!)

What ever you do - don't mention Microsoft Windows

[dgharmon]

"The malware also compromised the computers of a prominent research foundation in Hungary, two thinktanks, and an unnamed healthcare provider in the US"

Is there some kind of rule on tech sites that you're not allowed to mention Microsoft Windows in relation to Windows malware.

Not hackers, I just found this on my Dad's PC..

http://en.wikipedia.org/wiki/Virus_Creation_Laboratory

Re:Not hackers, I just found this on my Dad's PC..

[trentfoley]

I had lots of fun with that in the early 90's. The first time I used the tool, I created a virus with no payload - just replicating and... accidentally unleashed it on my employers network. Fortunately, being the only admin, I cleaned it up before anyone noticed - not that they would anyway. Still, thanks for the memory. And, my kids would never find such a thing on my computers! They have yet to break my encryption.

Re:Not hackers, I just found this on my Dad's PC..

Hey Sis,
Dad still hasn't worked out we cracked his laptop. LOL.
-B

first thing I thought of

[inode_buddha]

first thing I thought of when I saw this was, +0rc and Fravia's pages.... wow that takes me back

One decade ago

Eugene Kaspersky says it's an unusual piece of malware because it's reminiscent of attacks from two decades ago. 'I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s.

Unless I've been asleep for a very long time, the late 90s/early 00s is one decade ago.

Re:One decade ago

Ah but you've ignored time inflation. A decade about a decade ago is now close to two decades ago in present relative terms!

That's not all but in a deacde the same decade a decade ago will count as nearly three decades!!!!1! and one decade after that anyone in their forties will already be geriatrics :O

Be quick, get your decades now before they run out!

Re:One decade ago

[PiRXlv]

Late 90s is about 15 years ago. Not sure it can be called two decades, but without a doubt it's more than one decade.

Say goodbye to adobe pdf reader

No more slowness and malware. You know you don't have to use it, free software alternatives

http://pdfreaders.org/

MiniDuke?

Am I the only one who now wants to see a more efficient variant of this attack called the "NanoEarl"?

Adobe's software still has an important use case.

[Medievalist]

If you don't load Adobe software, how will you read the early episodes of Platinum Grit?

I'll admit there's no other valid use case for any Adobe software, though.

Stop Executing Data

I know that I'm preaching to the choir here, but it continues to annoy me that PDFs, Flash, Office Docs, Email, etc have any ability at all to infect a machine.
Open the file, read the data, uncompress it if necessary, show it to me. IF (and that's a big if) anything wants to execute ask me before doing so. If that means a prompt every time I open a PDF because some silly thing needs to "execute", then so be it...but opening the file shouldn't execute a damn thing. It should be as benign as opening a text file. Scripting should only run after the user OK's it.

Sure, 90% of people will just click past it, but the only way to get security is to give people the ability to protect themselves. Maybe having some kind of Right Click - Safe View/Safe Mode option might be better, that way people don't have the annoyance of a popup, but have the ability to look without the risk of auto-executing BS.

Personally I use NoScript on FireFox, so I am at least attempting to browse in Safe Mode. But when I open a PDF I don't have that option. That's just asinine.

Re:Adobe's software still has an important use cas

[EdZ]

Luckily, Shadowline have all but the last volume (20) of Platinum Grit available as regular images, derived from the print edition layouts.

I'm not sure whether to praise Oglaf for being hilarious, or damn it for putting the nail in the coffin of Platinum Girt.