
Miniduke malware linked to Java and Internet Explorer 8 exploits

11 Mar 2013

Kaspersky and CrySyS Lab have linked the Miniduke cyber campaign to Java and Internet Explorer 8 exploits.

Russian firm Kaspersky linked the attack to the new exploits in a blog post on Monday, after analysing the behaviour of command and control (C&C) servers.

"We've discovered two new, previously unknown infection mechanisms for Miniduke. These new infection vectors rely on Java and IE vulnerabilities to infect the victim's PC," wrote Kaspersky's Igor Soumenkov.

"While inspecting one of the C&C servers of Miniduke, we have found files that were not related to the C&C code, but seemed to be prepared for infecting visitors using web-based vulnerabilities."

The Java exploit reportedly targets a patched vulnerability which was also targeted by a malware exploit kit known as Metasploit. But the Miniduke iteration can also shut down the infected machine's security manager, thus making it harder to detect.

The IE8 exploit also reportedly targets another patched vulnerability, this time discovered at the end of December 2012.

Miniduke was discovered at the start of the year by Kaspersky and CrySyS Lab targeting government and critical infrastructure systems with malicious PDF files.

The campaign targeted organisations in Ukraine, Belgium, Portugal, Romania, the Czech Republic, Ireland and the UK.

Soumenkov warned that although the two vulnerabilities targeted by Miniduke have been patched, the newly found infection vectors mean the malware could have infected more systems than first thought.

"Although the exploits were already known and published at the time of the attack, they were still very recent and could have worked against designated targets," wrote Soumenkov.

"As previously recommended, updating Windows, Java and Adobe Reader to the latest versions should provide a basic level of defence against the known Miniduke attacks.

"Of course, it is possible that other unknown infection vectors exist; we will continue to monitor the situation and update the blog with new data when appropriate."

The news comes amid ongoing concerns regarding the security of Java, which has become a prime target for cyber criminals following the discovery of several zero-day vulnerabilities in its code.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
