Kaspersky and Crysys Labs have linked the Miniduke cyber campaign to Java and Internet Explorer 8 exploits.
Russian firm Kaspersky linked the attack to the new exploits in a blog post on Monday, after analysing the behaviour of command and control (C&C) servers.
"We've discovered two new, previously unknown infection mechanisms for Miniduke. These new infection vectors rely on Java and IE vulnerabilities to infect the victim's PC," wrote Kaspersky's Igor Soumenkov.
"While inspecting one of the C&C servers of Miniduke, we have found files that were not related to the C&C code, but seemed to be prepared for infecting visitors using web-based vulnerabilities."
The Java exploit reportedly targets a patched vulnerability which was also targeted by a malware exploit kit known as Metasploit. The Miniduke iteration, however, can also shut down the infected machine's security manager, making it harder to detect.
The IE8 exploit also reportedly targets another patched vulnerability, this time discovered at the end of December 2012.
Miniduke was discovered at the start of the year by Kaspersky and Crysys Lab targeting government and critical infrastructure systems with malicious PDF files.
Soumenkov warned that although the two vulnerabilities targeted by Miniduke have since been patched, their use means the malware could have infected more systems than first thought.
"Although the exploits were already known and published at the time of the attack, they were still very recent and could have worked against designated targets," wrote Soumenkov.
"As previously recommended, updating Windows, Java and Adobe Reader to the latest versions should provide a basic level of defence against the known Miniduke attacks.
"Of course, it is possible that other unknown infection vectors exist; we will continue to monitor the situation and update the blog with new data when appropriate."
The news comes amid ongoing concerns regarding Java's security, which has become a prime target for cyber criminals following the discovery of several zero-day vulnerabilities in its code.