Miniduke malware linked to Java and Internet Explorer 8 exploits

11 Mar 2013
Kaspersky and CrySyS Lab have linked the Miniduke cyber campaign to Java and Internet Explorer 8 exploits.

Russian firm Kaspersky linked the attack to the new exploits in a blog post on Monday, after analysing the behaviour of command and control (C&C) servers.

"We've discovered two new, previously unknown infection mechanisms for Miniduke. These new infection vectors rely on Java and IE vulnerabilities to infect the victim's PC," wrote Kaspersky's Igor Soumenkov.

"While inspecting one of the C&C servers of Miniduke, we have found files that were not related to the C&C code, but seemed to be prepared for infecting visitors using web-based vulnerabilities."

The Java exploit reportedly targets a patched vulnerability which was also targeted by a malware exploit kit known as Metasploit. But the Miniduke iteration can also shut down the infected machine's security manager, thus making it harder to detect.

The IE8 exploit also reportedly targets another patched vulnerability, this time discovered at the end of December 2012.

Miniduke was discovered at the start of the year by Kaspersky and CrySyS Lab targeting government and critical infrastructure systems with malicious PDF files.

The campaign targeted organisations in Ukraine, Belgium, Portugal, Romania, the Czech Republic, Ireland and the UK.

Soumenkov warned that while the two vulnerabilities targeted by Miniduke have been patched, the discovery does mean that the malware could have infected more systems than first thought.

"Although the exploits were already known and published at the time of the attack, they were still very recent and could have worked against designated targets," wrote Soumenkov.

"As previously recommended, updating Windows, Java and Adobe Reader to the latest versions should provide a basic level of defence against the known Miniduke attacks.

"Of course, it is possible that other unknown infection vectors exist; we will continue to monitor the situation and update the blog with new data when appropriate."

The news comes amid ongoing concerns regarding the security of Java, which has become a prime target for cyber criminals following the discovery of several zero-day vulnerabilities in its code.

Alastair Stevenson