Miniduke malware linked to Java and Internet Explorer 8 exploits

11 Mar 2013

Kaspersky and CrySyS Lab have linked the Miniduke cyber campaign to Java and Internet Explorer 8 exploits.

Russian firm Kaspersky linked the attack to the new exploits in a blog post on Monday, after analysing the behaviour of command and control (C&C) servers.

"We've discovered two new, previously unknown infection mechanisms for Miniduke. These new infection vectors rely on Java and IE vulnerabilities to infect the victim's PC," wrote Kaspersky's Igor Soumenkov.

"While inspecting one of the C&C servers of Miniduke, we have found files that were not related to the C&C code, but seemed to be prepared for infecting visitors using web-based vulnerabilities."

The Java exploit reportedly targets a patched vulnerability which was also targeted by a malware exploit kit known as Metasploit. But the Miniduke iteration can also shut down the infected machine's security manager, thus making it harder to detect.

The IE8 exploit also reportedly targets another patched vulnerability, this time discovered at the end of December 2012.

Miniduke was discovered at the start of the year by Kaspersky and CrySyS Lab targeting government and critical infrastructure systems with malicious PDF files.

The campaign targeted organisations in Ukraine, Belgium, Portugal, Romania, the Czech Republic, Ireland and the UK.

Soumenkov warned that although the two vulnerabilities targeted by Miniduke have been patched, the discovery means the malware could have infected more systems than first thought.

"Although the exploits were already known and published at the time of the attack, they were still very recent and could have worked against designated targets," wrote Soumenkov.

"As previously recommended, updating Windows, Java and Adobe Reader to the latest versions should provide a basic level of defence against the known Miniduke attacks.

"Of course, it is possible that other unknown infection vectors exist; we will continue to monitor the situation and update the blog with new data when appropriate."

The news comes amid ongoing concerns about the security of Java, which has become a prime target for cyber criminals following the discovery of several zero-day vulnerabilities in its code.

Alastair Stevenson