Rediff.com

Russian researchers discover malware targeting sensitive govt institutions globally

January 15, 2013 19:19 IST

Red October, a virus designed to target government institutions such as embassies, nuclear research centers, and oil and gas institutes, has been discovered by researchers in Russia.

The malware, which is suspected to have been stealing confidential and sensitive information since 2007, can be used to steal encrypted files and also recover deleted files, said a BBC report.

According to Kaspersky Labs, the cyber attack targets countries in Eastern Europe, former USSR Republics and Central Asia, although victims can be found everywhere, including Western Europe and North America.

The victims of the cyber attack, discovered last October, have been carefully selected, said Kaspersky's chief malware researcher Vitaly Kamluk.

He added that this is part of a major cyber campaign. Red October - which is named after a Russian submarine featured in the Tom Clancy novel The Hunt For Red October - bears many similarities with Flame, a cyber-attack discovered last year.

Like Flame, Red October is made up of several distinct modules, each with a set objective or function. One of the most significant attacks ever to be discovered, Red October uses more than 60 domain names, based mostly in Germany and Russia, to run the attack.

It specifically targets 'Cryptofiler' files - an encryption technique used by organisations like NATO and the European Union. Unlike Stuxnet, another major cyber-attack, Red October is not believed to have caused any physical damage to infrastructure.

According to Prof Alan Woodward, from the University of Surrey, the malware is unique as it can hide on a machine as if deleted. Like most malware attacks, there are clues as to its origin; however, security experts warn that any calling cards found within the attack's code could in fact be an attempt to throw investigators off the real scent.

A 100-page report into the malware is to be published later this week, Kaspersky said.

Source: ANI