Uroburos - highly complex espionage software with Russian roots

Discussion in 'malware problems & news' started by Dermot7, Feb 28, 2014.

  1. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
  2. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    There's a commented sample already detected by 6(+1) scanners at virustotal with the exact same hashes and file size as the one mentioned in their red paper. :rolleyes:
     
    Last edited: Feb 28, 2014
  3. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Detecting a signature file is not the same as analyzing its code in a deeper manner; signature detection and actual research and understanding of a threat are different things.
     
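    The distinction the two posts above draw (a scanner matching a published hash versus understanding the code) is easy to show concretely. The following is an added example, not code from the thread or from any of the vendors mentioned: it fingerprints a constructed byte string the way an IOC table lists a sample (size plus MD5/SHA-1/SHA-256), matches it against that table, then flips a single byte and shows that the hash match is lost while a simple content rule still fires. The sample bytes, the IOC table and the pattern strings are all constructed for the example and stand in for nothing real.

```python
import hashlib

# Constructed stand-in for a file on disk: a fake MZ/PE header plus filler.
# This is NOT a real sample; the bytes exist only so the example runs offline.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00"
    + b"constructed driver body " * 8
    + b"CONSTRUCTED_MARKER_STRING"
)


def fingerprint(data: bytes) -> dict:
    """Return the fields an IOC table normally publishes for a sample."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


# Constructed IOC table: one entry, derived from the constructed sample
# (assumption: a report would list exactly these four fields).
REPORT_IOCS = {"sample-A": fingerprint(SAMPLE)}

# Constructed content rule: byte patterns picked out of the sample body.
# A real rule would come from reverse engineering, which is the point made above.
CONTENT_PATTERNS = [b"CONSTRUCTED_MARKER_STRING", b"constructed driver body"]


def hash_match(data: bytes, iocs: dict) -> list:
    """Names of IOC entries whose size and every hash equal this file's."""
    fp = fingerprint(data)
    return [name for name, ioc in iocs.items() if ioc == fp]


def content_match(data: bytes, patterns: list) -> list:
    """Patterns found anywhere in the file, independent of its hashes."""
    return [p for p in patterns if p in data]


def mutate_one_byte(data: bytes, offset: int = 10) -> bytes:
    """Flip one byte inside the header padding: same size, every hash changes."""
    buf = bytearray(data)
    buf[offset] ^= 0xFF
    return bytes(buf)


def verdict(data: bytes) -> dict:
    """Combine both detection styles so the difference is visible side by side."""
    return {
        "hash_hits": hash_match(data, REPORT_IOCS),
        "content_hits": content_match(data, CONTENT_PATTERNS),
    }


if __name__ == "__main__":
    for label, blob in (("original", SAMPLE), ("one byte flipped", mutate_one_byte(SAMPLE))):
        print(label, verdict(blob))
```

    Running it prints one hash hit and two content hits for the original bytes, and zero hash hits but still two content hits after the one-byte flip; the size field is identical in both cases. That is the whole gap between "detected by N scanners" and knowing what the code does: the hash table catches the exact file from the report and nothing else.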
  4. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
  7. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    Only G-Data could rely on a bunch of forum posts because they can't do their own RE, no matter how qualified the forumites in question are. I can't imagine, say, F-Secure or Kaspersky needing it. :rolleyes: And if you can't detect something, that means your research just isn't good enough for you to be able to, because the point of malware research is to prevent, detect or at the very least to help others detect malware.
     
    Last edited: Mar 11, 2014
  8. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Lol, worthless.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    Basically this proves that PatchGuard is not good enough. We need hypervisor-based security; very disappointing that a billion-dollar company which invests lots of money in R&D still hasn't developed this. It should be added to Windows ASAP. :rolleyes:

    http://www.mcafee.com/us/solutions/mcafee-deepsafe.aspx
    http://northsecuritylabs.blogspot.n...pdated-max=2012-01-01T00:00:00Z&max-results=4
    http://www.google.nl/url?q=http://w...0QFjAD&usg=AFQjCNH8A7ZQJIq9bLr9MbStLgMp_PZlrA
     
  10. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
    https://www.securelist.com/en/blog/8191/Agent_btz_a_source_of_inspiration
     
  11. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
    http://blogs.mcafee.com/mcafee-labs/analyzing-uroburos-patchguard-bypass
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,088
    Turla cyber-espionage campaign puzzle solved

    http://www.net-security.org/malware_news.php?id=2832
     
  13. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
    http://blog.crysys.hu/2014/08/the-e...on-command-and-control-server-infrastructure/

    http://news.softpedia.com/news/Roma...d-in-Turla-Watering-Hole-Attacks-454175.shtml
     
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,088
  15. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
    https://blog.gdatasoftware.com/blog/article/the-uroburos-case-new-sophisticated-rat-identified.html
     
  16. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
  17. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    So, nominally first discovered by a private German AV company, and out there for 2+ years.

    And either not discovered or not communicated by our cyber-defence organisations.
     
  18. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,980
    Location:
    U.S.A.
  19. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
    http://www.bankinfosecurity.com/swiss-defense-firm-hack-tied-to-turla-malware-a-9128
     