'Old School' Hackers Attack European Governments Using 'MiniDuke' Malware

← Back to Stories (view on slashdot.org)

'Old School' Hackers Attack European Governments Using 'MiniDuke' Malware

Posted by Soulskill on Wednesday February 27, 2013 @12:20PM from the you-don't-want-to-go-full-duke dept.

puddingebola writes "The Guardian reports that hackers have been targeting officials from over 20 European governments with a new piece of malware called 'MiniDuke.' 'The cybersecurity firm Kaspersky Lab, which discovered MiniDuke, said the attackers had servers based in Panama and Turkey – but an examination of the code revealed no further clues about its origin (PDF). Goverments targeted include those of Ireland, Romania, Portugal, Belgium and the Czech Republic. The malware also compromised the computers of a prominent research foundation in Hungary, two thinktanks, and an unnamed healthcare provider in the US.' Eugene Kaspersky says it's an unusual piece of malware because it's reminiscent of attacks from two decades ago. 'I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s. I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyber world.' The computers were corrupted through an Adobe PDF attachment to an email."

31 of 48 comments (clear)

Min score:

Reason:

Sort:

emailed pdf, say it ain't so! by masternerdguy · 2013-02-27 12:26 · Score: 1

"The computers were corrupted through an Adobe PDF attachment to an email." -- It never ends! Why is this still an attack vector? This could have been totally avoided with a little user education and decent network security policy.

--
To offset political mods, replace Flamebait with Insightful.
1. Re:emailed pdf, say it ain't so! by dgatwood · 2013-02-27 12:50 · Score: 1
  
  This could have been totally avoided with a little user education and decent network security policy.
  By which, of course, you mean banning Adobe software and blocking any attempts to download it. It seems like I'm getting Flash Player security updates about once a week. On the one hand, it's good news that they're finally fixing that steaming pile of bugs, but on the other hand, it makes me wonder how many of those security holes have been secretly exploited for years, and how many of the Flash crashes I've seen over the years would have been successful attacks on some specific version of some specific OS.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
2. Re:emailed pdf, say it ain't so! by aztracker1 · 2013-02-27 15:08 · Score: 2
  
  I remember several years back using a flash tool that allowed reading/writing of arbitrary files on the system, back in Flash3-5 IIRC... Our use was not malicious, and it was before Flash had offline data available... we were only using it to store the active simulation/test being taken, but at that time I disabled flash on every machine outside of work I had access to. Was a colossal security hole.
  
  --
  Michael J. Ryan - tracker1.info
3. Re:emailed pdf, say it ain't so! by Anonymous Coward · 2013-02-27 15:31 · Score: 2, Insightful
  
  They would have been protected if they had been using Chromebooks.
  Within the next 5 years, probably 75% of the world will move to this safer platform and finally most hacks will be gone.
  Only power users will still be using full-on PCs.
4. Re:emailed pdf, say it ain't so! by Anonymous Coward · 2013-02-27 15:57 · Score: 1
  
  Exactly. The Chromebook Renaissance will dwarf the Tonka Big Wheel Renaissance that replaced SUVs as much safer, though somewhat limited, forms of transportation.
PDF attachment by Anonymous Coward · 2013-02-27 12:27 · Score: 5, Funny

Anyone else weary to click the attached PDF?
1. Re:PDF attachment by Anonymous Coward · 2013-02-27 12:35 · Score: 1
  
  I'm really starting to grow weary of PDF.
  What does 'PDF' stand for anyways? 'Pedo file'?
2. Re:PDF attachment by cheater512 · 2013-02-27 12:55 · Score: 1
  
  Erm no? I use Linux and open PDFs with Okular.
  What? You can't honestly tell me that you are using Acrobat? Even on Windows that's stupid.
3. Re:PDF attachment by Anonymous Coward · 2013-02-27 13:49 · Score: 2, Funny
  
  I'm really starting to grow weary of PDF.
  What does 'PDF' stand for anyways? 'Pedo file'?
  PDF: Please Don't Fuckup.
4. Re:PDF attachment by aztracker1 · 2013-02-27 15:10 · Score: 1
  
  Agreed.. I think it's time that Acrobat simply open in read/view only mode.. no scripts, no forms active, unless you click the warning.. similar to what MS did with Word a decade ago... I use Sumatra on windows...
  
  --
  Michael J. Ryan - tracker1.info
5. Re:PDF attachment by _4rp4n3t · 2013-02-27 16:22 · Score: 2
  
  I'm really starting to grow weary of PDF.
  What does 'PDF' stand for anyways? 'Pedo file'?
  PDF: Please Don't Fuckup.
  PDF-A: Please Don't Fuckup Again
Aging hackers by Grayhand · 2013-02-27 12:34 · Score: 4, Funny

From Hell's retirement home I stab at thee!" Why do I get this picture of some hackers with walkers and false teeth striking out with a couple of old 8088s from their group home?
1. Re:Aging hackers by cameloid · 2013-02-27 13:27 · Score: 1
  
  Bu884 H073P
  
  --
  -- Cisk for the Cisk God
2. Re:Aging hackers by trentfoley · 2013-02-27 17:00 · Score: 1, Funny
  
  8080A, Z-80, or 6502. When you've been 8-bit hacked, you stay hacked!
  You and your new-fangled 16 bit processors. At least use an 8086, or even better, a moto 68k!
  And, don't knock false teeth. Where else do you think I have my portable wifi hotspot installed?
reminiscent of attacks from two decades ago? by mcmonkey · 2013-02-27 12:51 · Score: 2

These days, who gets excited over pictures of Anna Kournikova?
1. Re:reminiscent of attacks from two decades ago? by Virtucon · 2013-02-27 13:15 · Score: 1
  
  As she was then? or now?
  Have you seen her lately? She's still hot.
  But I guess I'm in the genre that thinks Jennifer Aniston still is hot.
  
  --
  Harrison's Postulate - "For every action there is an equal and opposite criticism"
2. Re:reminiscent of attacks from two decades ago? by Nidi62 · 2013-02-27 14:12 · Score: 1
  
  But I guess I'm in the genre that thinks Jennifer Aniston still is hot.
  When did Jennifer Anniston supposedly become unhot?
  
  --
  The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
Get off my lawn by Anonymous Coward · 2013-02-27 13:01 · Score: 1

Back in my day we were real hackers. We modified the wooden cogs with sinew and hasps! And that is the way we liked it! You young'ns and your Edison machines! Not one bit of brains amongst any of ya!
Irony by Anonymous Coward · 2013-02-27 13:02 · Score: 3, Funny

"The computers were corrupted through an Adobe PDF attachment to an email." Links to a PDF describing the attack.
1. Re:Irony by s.petry · 2013-02-27 13:09 · Score: 1
  
  I thought the same thing, and reported Kaspersky to Kaspersky as a possible risk!
  On the more serious side, it was pretty interesting to see an old school assembly built virus. Takes me back to the good ole days.
  
  --
  -The wise argue that there are few absolutes, the fool argues that there are no probabilities.
open a pdf on ... by v1 · 2013-02-27 13:26 · Score: 4, Funny

mac: "The pdf was corrupted and could not be opened. Try downloading again."
mac: "The pdf was corrupted and could not be opened, open in raw text view?"
windows: "This document requires age verification to view. Please verify your internet connection and enter a valid credit card number to proceed."

--
I work for the Department of Redundancy Department.
brain autocorrects previews apparently by v1 · 2013-02-27 13:28 · Score: 1

all typeos will be hidden despite use of preview button, but will become immediately obvious two seconds after clicking POST.
That 2nd line if you coulnd't figure it out, was supposed to start with "linux: " :P

--
I work for the Department of Redundancy Department.
What makes them old school? by elucido · 2013-02-27 13:33 · Score: 1

I don't understand why hacking through PDF is considered old school. Is the exploit really old?
1. Re:What makes them old school? by ma1wrbu5tr · 2013-02-27 14:07 · Score: 1
  
  I guess because they used good old fashioned con artistry in the form of a seemingly somewhat successful spearphish. (Say that four times fast , boys and goyls!)
  
  --
  Why can't we go back to using jumpers to configure slot adapter cards? Why? I say!
What ever you do - don't mention Microsoft Windows by dgharmon · 2013-02-27 14:04 · Score: 1

"The malware also compromised the computers of a prominent research foundation in Hungary, two thinktanks, and an unnamed healthcare provider in the US"

Is there some kind of rule on tech sites that you're not allowed to mention Microsoft Windows in relation to Windows malware.

--
AccountKiller
first thing I thought of by inode_buddha · 2013-02-27 15:11 · Score: 1

first thing I thought of when I saw this was, +0rc and Fravia's pages.... wow that takes me back

--
C|N>K
One decade ago by Anonymous Coward · 2013-02-27 16:38 · Score: 4, Insightful

Eugene Kaspersky says it's an unusual piece of malware because it's reminiscent of attacks from two decades ago. 'I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s.
Unless I've been asleep for a very long time, the late 90s/early 00s is one decade ago.
1. Re:One decade ago by PiRXlv · 2013-02-27 21:37 · Score: 1
  
  Late 90s is about 15 years ago. Not sure it can be called two decades, but without a doubt it's more than one decade.
Re:Not hackers, I just found this on my Dad's PC.. by trentfoley · 2013-02-27 17:09 · Score: 1

I had lots of fun with that in the early 90's. The first time I used the tool, I created a virus with no payload - just replicating and... accidentally unleashed it on my employers network. Fortunately, being the only admin, I cleaned it up before anyone noticed - not that they would anyway. Still, thanks for the memory. And, my kids would never find such a thing on my computers! They have yet to break my encryption.
Adobe's software still has an important use case. by Medievalist · 2013-02-28 03:47 · Score: 1

If you don't load Adobe software, how will you read the early episodes of Platinum Grit?
I'll admit there's no other valid use case for any Adobe software, though.
Re:Adobe's software still has an important use cas by EdZ · 2013-02-28 11:00 · Score: 1

Luckily, Shadowline have all but the last volume (20) of Platinum Grit available as regular images, derived from the print edition layouts.

I'm not sure whether to praise Oglaf for being hilarious, or damn it for putting the nail in the coffin of Platinum Girt.