Member nobbis writes:
"German Anti Virus firm G Data Security are reporting a sophisticated rootkit that they believe originates in Russia, is linked to intelligence agencies, and is related to an attack against the US in 2008.
The rootkit named Uroburos is seen as evidence of a Russian cyber weapons programme, and was compiled in 2011, meaning it has been undetected for 3 years.
Uroburos is designed to perform peer to peer attacks against both 32 and 64 bit Windows systems. Analysis is ongoing and the means of infection is unknown, but Graham Cluley notes that Uroburos creates two virtual file systems on the infected system, one NTFS and one FAT, to disguise its activities.
G Data think that given the complexity of the malware its targets are governments, research institutes or large companies."
(Score: 3, Interesting) by mrbluze on Wednesday March 05 2014, @07:44AM
Which side is the bad guy again? I'm getting so confused.
Do it yourself, 'cause no one else will do it yourself.
(Score: 5, Funny) by nobbis on Wednesday March 05 2014, @07:45AM
the other side, they're the bad guys
It's easy to look up when your mind's in the gutter
(Score: 5, Funny) by mrbluze on Wednesday March 05 2014, @07:57AM
You mean Microsoft? Ah yes now I remember.
Do it yourself, 'cause no one else will do it yourself.
(Score: 1) by redneckmother on Wednesday March 05 2014, @06:07PM
"You mean Microsoft? Ah yes now I remember."
I thought that m$ is "The Dark Side".
Mas cerveza por favor.
(Score: 5, Insightful) by Thexalon on Wednesday March 05 2014, @02:56PM
The Communist Nazi Terrorists, of course. Or Eastasia. Or Eurasia. I can't really remember.
It doesn't matter who the bad guy is, really - as long as we're all convinced there is a Really Big Threat, the masses will continue to allow governments to throw staggeringly large sums of money at military contracting firms, which is the real point of the exercise.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 5, Insightful) by Anonymous Coward on Wednesday March 05 2014, @08:06AM
A whole lot of assumptions in the articles unsupported by actual proof. Just because they see Russian text in a "sample" (whatever that means), doesn't necessarily mean that the authors were Russian, just people who put in Russian text there because it suited them, for whatever reason, one possible reason being disinformation for the naive. There is also doubt [brookings.edu] that the 2008 cyberattack referenced here with Agent.BTZ was done by an intelligence agency, given how ineffective it was.
Better evidence for who might have written it or is using it is to look for where it's been found and what it's been used to do. That's why people believe Stuxnet was the work of either the NSA or Israeli intelligence.
Highly sophisticated code does not mean it is the work of a government. Private enterprises can do that too.
(Score: 4, Interesting) by TheRaven on Wednesday March 05 2014, @10:02AM
sudo mod me up
(Score: 2, Insightful) by Geezer on Wednesday March 05 2014, @01:03PM
Of course, one could argue that at least in Russia's case "government" and "organized crime" are, in effect, synonymous.
How this differs from any other nation-state is another discussion.
(Score: 4, Insightful) by Anonymous Coward on Wednesday March 05 2014, @09:54AM
Compiling code in 2011 and using it in attacks in 2008. Now that's some hefty piece of software.
(Score: 1, Funny) by Anonymous Coward on Wednesday March 05 2014, @10:33AM
Maybe in 2008 they used an interpreted language, and in 2011 they found a compiler for that language.