Kaspersky Lab and Lab CRYSYS today detailed a new malware in the wild, called "MiniDuke," which attacked government entities and institutions across Europe. Governmental entities in Ukraine, Portugal, Romania, and others have been targeted, according to security researcher.
MiniDuke finds its way to the infected computer via PDF files. Pirates - who believes Kaspersky was dormant for some time because of the similarity of the technique to those of the late 1990s - have developed very credible PDFs and apparently real. Once the file is downloaded to a computer, the feat, which was written in assembler and is only 20 KB in size, takes advantage of vulnerabilities in unpatched versions 9 readers 10 and 11.After the downloaded program is running on the computer, it creates a unique identifier and encrypts all communication it might have with its creators. It also has built-in mechanisms in this attempt to deceive the antivirus and security professionals into thinking it is harmless.
Once all the controls and safeguards are in place, the software connects to Twitter to find tweets on premade accounts, according to Kaspersky. These tweets contain tags with encrypted URL for backdoors that can send commands and open backdoors through other GIF files.
Are particularly malicious backdoors. Once executed on the computer, they can allow hackers to access files, move, delete, or create directories.
Hackers exploited Adobe bugs corrected an update last week that cause programs to crash and allow an attacker to take control of an infected computer. Adobe has acknowledged a week before the update that allowed attackers flaws to exploit its software, but did not provide details on the nature of these attacks.
However, according to Kaspersky, the attacks are still active and the last update MiniDuke descended on February 20, which states that hackers could find a solution to the patches.
We do not know what hackers looking to steal, but they attacked government entities gives an idea.
CNET has contacted Adobe to comment on the hack. We will update this story when we have more information.
