More On MiniDuke and How to Remove It

Răzvan STOICA

March 01, 2013

The APT floodgates seem to have opened sometime in the past twelve months. Stuxnet is no longer alone in the field, and the latest arrival is MiniDuke, a very sophisticated, if low-profile and minimalist, piece of malware.

“We’re dealing, unfortunately, with the work of a very small group of career criminals – people who’ve written a lot of malware before MiniDuke and who are doing more with less.

“To make a comparison, Flamer was obviously much more complex, probably the work of a big, competent, well-managed team; there were lots of resources poured into finding and using zero-day exploits; it was an expensive e-threat to build, all in all. MiniDuke looks much more like a hacker project; it’s done on a shoestring budget,” Marius Tivadar commented.

This comparative lack of resources has apparently imposed some odd design choices on the malware writers.

“The samples we have are all customized, polymorphized; there is an encrypted part which is specifically built for each target machine – but from what we can tell, there is no modularity, like we see with Flamer and Stuxnet. It seems to be all of a piece. It’s very old-school malware, although there are some very modern touches, like the use of Twitter and Google for command and control purposes,” Marius said.

When asked to comment upon the possible origin of the malware, Mr. Tivadar explained: “We have no leads so far, apart from the appearance of 666 in the code and the fact it was asking what time it is in China at one point. I wouldn’t venture a guess based on such flimsy evidence, frankly.”

Bitdefender has released a free removal tool.

UPDATE: the removal tool has itself been updated to deal with newly discovered samples.
