14 DAY TRIAL // Earlier this week, we learned about MiniDuke, another sophisticated piece of malware used in cyberattacks against government organizations from Europe and other countries. Security firm Bitdefender claims to have identified an early version of the malware back in May 2012.
According to experts, the variant they identified nine months ago was added to their malware database on May 26, 2012, around five days after being compiled by the cybercriminals. However, at the time, the malware was not recognized.
The older version discovered by Bitdefender behaves pretty much the same as the recently-uncovered MiniDuke samples. However, there are some differences.
The early strain uses a different installation mode and it accesses a page called “What’s the time in China” from which it retrieves the date parameter.
However, researchers say this is not conclusive evidence as to the origin of the attacks.
“We have no leads so far, apart from the appearance of 666 in the code and the fact it was asking what time it is in China at one point. I wouldn’t venture a guess based on such flimsy evidence, frankly,” Bitdefender’s Marius Tivadar explained.
The company’s representatives have told Softpedia that the precise origin of the attacks might be revealed once the investigation is finished.
“The samples we have are all customized, polymorphized, there is an encrypted part which is specifically built for each target machine – but from what we can tell, there is no modularity, like we see with Flamer and Stuxnet. It seems to be all of a piece,” Tivadar noted.
“It’s very old-school malware, although there are some very modern touches, like the use of Twitter and Google for command and control purposes.”
Researchers from Kaspersky and Hungarian security firm CrySyS Lab revealed that the malware has been utilized in attacks against at least 59 organizations located in 23 countries.
Government organizations from Romania, Ukraine, Portugal, Belgium, Ireland and the Czech Republic are on the list of targets.
Bitdefender has released a free stand-alone MiniDuke removal tool. In addition, the Romanian security solutions provider has also published a technical report on the early version of MiniDuke and how it infected computers.