Cyber Attack also on European Governments
At the moment you hear news about a big cyber-attack on European governments in different countries. In fact, scientists have found a new type of malware that has infected systems in more than 20 countries across Europe. Some of the aggrieved parties were government institutions in Ireland, Portugal, Romania, Belgium and the Czech Republic.
Adobe Reader versions 9, 10 and 11 are affected from this malware. Since mid-February Adobe has provided a security update for download. If the exploit is already embedded in the system, the shell code in the document from the Adobe Reader sandbox can break out and install the real malware.
Firstly a Downloader is initiated onto the PC and is checking if this is a normal system or an analyse machine. Only when the system is “harmless,“ the initial backdoor is beginning to communicate with the Internet.
The malware communicates with unusual methods with Command & Control-servers. Twitter and Google are used to spread contact information about C&C servers. There are Twitter accounts with inconspicuous names like Edith Albert, Lorinda Ray and many more. These users are posting tweets starting with “uri!” followed by an encrypted URL with parameters. If there are no tweets with the searched data, the malware uses Google to search for the provided information.
The malware addresses different servers and can spread and update depending on a location. Furthermore, it is possible that downloaded malware could be masked as a .gif-file. The aim of the second-stage malware is planned sneak attack causing huge damage with the data from the infected computer.
Protect yourself from these attacks:
- Update all your system components to the most recent version, especially Microsoft, Adobe and Java products
- Get a security solution like IKARUS anti.virus
- Be cautious in opening email-attachments