Latest News

Bitdefender Discovers Early Version of MiniDuke Malware

March 2013

Nine-month old sample of MiniDuke used clock on Chinese time


An early version of MiniDuke, the sophisticated cyberspy malware that caught media headlines this week after infecting governments and agencies in Europe and elsewhere, has been operating since at least May of 2012, internet security firm Bitdefender has discovered.

MiniDuke was detected by Bitdefender Labs almost a year ago. The variant discovered by Bitdefender was added to the Bitdefender malware database on 26th of May 2012, although the malware was as-yet unrecognized.

The early version of MiniDuke differs from the one discovered this week mainly in that it uses a different installation mode. The early strain also accesses a page titled `What’s the Time in China,’ with a clock indicating the date and time, but only makes use of the date. Otherwise, the early sample behaves the same as the ones discovered more recently.

"A malware can wreak a lot of havoc, or collects massive amounts of information, in the space of 10 months,” said Bitdefender Chief Security Strategist Catalin Cosoi. “The discovery of the early version from May 2012 suggests that we are just beginning to understand the size and scope of MiniDuke. We’re still analyzing the sample and will communicate any further significant discoveries."

MiniDuke has reportedly sought to steal intelligence from the governments of Ireland, Belgium, Romania, Portugal and the Czech Republic as well as various institutes, a healthcare provider in the US, and other victims in Japan, Brazil and elsewhere.

Bitdefender antivirus software removes all known variants of MiniDuke. The company also released today a free stand-alone removal tool for MiniDuke

For a more detailed analysis of the early strain of MiniDuke, see the technical report on the Bitdefender Labs blog.