Slashdot Mirror


US Government Employees Targetted By New 'GovRAT' Malware (computerworld.com)

Security researchers have detected an upgrade to the GoVRAT malware, which targets government employees and bypasses antivirus tools using stolen digital certificates. An anonymous reader quotes Computerworld: Through GovRAT, hackers can potentially steal files from a victim's computer, remotely execute commands, or upload other malware to the system... The malware features an additional function to secretly monitor network traffic over the victim's computer -- something with scary consequences. "If you're downloading something from a particular resource, the hackers can intercept the download and replace it with malware," said InfoArmor CIO Andrew Komarov on Friday.

Last year, InfoArmor said that earlier versions of GovRAT had attacked more than 15 governments around the world, in addition to seven financial institutions and over 100 corporations.
The security researchers say GovRAT comes with "a stolen database of 33,000 Internet accounts, some of which belong to U.S. government employees," including names, email addresses and hashed passwords.

30 comments

  1. Exterminate the manlets! by Anonymous Coward · · Score: -1

    Exterminate the manlets! Exterminate the manlets!

    1. Re:Exterminate the manlets! by Anonymous Coward · · Score: -1

      Damn, I wish I still had some mod points left to mod you up.

    2. Re:Exterminate the manlets! by K. S. Kyosuke · · Score: 2

      That sounds like a suspiciously specific cause for a Dalek.

      --
      Ezekiel 23:20
  2. Bad priorities by Anonymous Coward · · Score: -1, Flamebait

    The whole government is extremely vulnerable. Undoubtedly a lot of damage has been done and a lot of secret information leaked, on a massive scale. However, you simpletons only are capable of focusing on Hillary Clinton's private email server. My god, you people are clueless.

    1. Re:Bad priorities by Anonymous Coward · · Score: 2, Interesting

      Yeah, thank Snowden for that.

      Clinton is a part of the problem though, not part of the solution.

    2. Re:Bad priorities by Anonymous Coward · · Score: -1

      Yeah, thank Snowden for that.

      Yep, hang him up high. Fuck that traitorous shithead.

    3. Re:Bad priorities by Anonymous Coward · · Score: 1

      'Yep, hang him up high. Fuck that traitorous shithead.'

      This comment says more about the writer than about Snowden.

    4. Re:Bad priorities by Anonymous Coward · · Score: -1

      Yes, it does. It says I don't support arrogant, double-agent turncoats who flee to Russia.

    5. Re: Bad priorities by Anonymous Coward · · Score: 0

      He didn't flee to Russia, the US revoked his passport before he could fly out.

      At least get your own bullshit straight.

    6. Re: Bad priorities by Anonymous Coward · · Score: -1

      Uh huh.

    7. Re: Bad priorities by Anonymous Coward · · Score: 0

      He wasn't traveling on his passport, he was traveling on temporary travel documents issued by the Ecuador government.

      So you're full of shit.

    8. Re: Bad priorities by Anonymous Coward · · Score: 2, Informative

      Wrong, faggot. The U.S. government revoked his passport, so he cannot leave.

      Much easier to turn him into a RUSSIAN BOOGIEMAN when you make him stranded there, isn't it?

      https://www.rt.com/usa/162144-...

    9. Re: Bad priorities by Anonymous Coward · · Score: -1

      And yet if he isn't giving anything to the Russian government why would they ever grant him asylum? He's Putin little cock-sucking lapdog.

    10. Re:Bad priorities by Anonymous Coward · · Score: -1

      That's what happens when you make your infrastructure depend on Microsoft.

      NO SECURITY.

    11. Re: Bad priorities by Anonymous Coward · · Score: 0

      Oh, please! It's Putin's. With an apostrophe.

    12. Re: Bad priorities by AutodidactLabrat · · Score: 1

      Wrong.
      That's Trump doing the tube-steak boogie

  3. Congress? by Anonymous Coward · · Score: 0

    US government... malware... for a minute I thought they were talking about Congress. That's about as malware as it gets

  4. Karma... by Anonymous Coward · · Score: 1

    Karma is a bitch, eh....

  5. KAINE2016!! by Anonymous Coward · · Score: -1

    In many ways, he's kind of like Trump. Finally, the true unity candidate.

  6. Let Me Guess by Anonymous Coward · · Score: -1

    Another piece of Windows malware. Although the C&C can also be compiled for Linux.

    The affected OS should be front and center in any vulnerability report. That includes Slashdot summaries.

    1. Re:Let Me Guess by Anonymous Coward · · Score: 0

      hear hear..

      I had to go nosing around for that tidbit.

  7. Targetted by Anonymous Coward · · Score: 1

    Good job mods.

  8. Sure would be nice if we had a TLA to protect us by Snotnose · · Score: 3, Insightful

    Oh, wait, we do. The NSA. Their job should be to find these vulnerabilities, notify the vendor, and help keep us all safe. Too bad our current USA government is so corrupt simple things like this simply don't happen.

  9. NSA = National Security Agency ... FOR THE ESTABLI by Anonymous Coward · · Score: 0

    Oh, wait, we do. The NSA. Their job should be to find these vulnerabilities, notify the vendor, and help keep us all safe. Too bad our current USA government is so corrupt simple things like this simply don't happen.

    NSA = National Security Agency ... FOR THE ESTABLISHMENT, NOT THE PEOPLE.

    Collateral damage is OK in this government branch if it means the establishment can gain even the slightest edge in screwing over anyone they don't like.

  10. Re:Sure would be nice if we had a TLA to protect u by BoRegardless · · Score: 2

    Because the NSA wants to use GovRAT themselves!

  11. Re:Sure would be nice if we had a TLA to protect u by AHuxley · · Score: 1

    The NSA, GCHQ, CIA want to see who is looking for what on wide open, junk private sector contractor supported US gov networks.
    The huge hope is that someone interesting will look for a project or name on a gov network and expose the real origins of such hidden information.
    What really happened is the plain text US networks are left so wide open that anyone can log in and look around, save all data found in bulk, plain text or test malware on a huge scale. Why risk a live search and real time detection, just save it all.
    For a honey pot to work the lid has to be kept off.
    That exposed entire US gov sectors and all their contractors to some risk.
    Other agencies see that gov bait as a wonderful tracking tool while fully protecting their own networks.
    The other aspect is budgets, for US gov cyber budgets to grow, issues like this have to make it to the press and be fully reported on.
    More cash for private sector contractors to track and fix the issues any US gov worker could as part of their job.
    Spies and the private sector are enjoying the workload, overtime, profits and results. All other US gov workers are just left to float around on open junk networks.
    So the NSA is looking at everything, just not looking to protect anything.

    --
    Domestic spying is now "Benign Information Gathering"
  12. GoVRAT malware only targets Microsoft Windows .. by khz6955 · · Score: 2

    "GoVRAT malware, which targets government employees"

    Slashdot is getting as bad as the rest of the technical press. As in choking on the words Microsoft Windows in relation to malware. If the NSA hadn't expended so much effort in diluting security on Microsoft Windows then we wouldn't be in this mess.

  13. it is an opportunity, not a threat by Anonymous Coward · · Score: 0

    This software should be mandatory on every government computer, with a slight modification that all info is made publicly available.
    Should be no problem, I am sure they have nothing to hide.

  14. Re:Sure would be nice if we had a TLA to protect u by Anonymous Coward · · Score: 0

    The ability to use stolen certificates to bypass intrusion detection and anti-virus is troublesome. Do they really bypass all checks on signed binaries? It is another instance of the key-management problem all over again.

  15. Setup? by Anonymous Coward · · Score: 0

    So if it can extract, can it also insert? Say porn, or child porn? Nice way to knock out opponents looking to rein in the security apparatchik of United States.
    And who of the five eyes uses this? Is Mossad included on the CC (or BCC)?