Friendly forums for passionate Dems!
More than 91 million posts since 2001
Home Latest Greatest Videos Forums Hide ads Join up!
Home Latest Greatest
Videos Forums Help
Hide ads Join up!
Latest Discussions»Latest Breaking News»Researchers crack open un...
Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Latest Breaking News

Showing Original Post only (View all)

NWCorona

(8,541 posts) Tue Aug 9, 2016, 04:16 AM Aug 2016

Researchers crack open unusually advanced malware that hid for 5 years [View all]

Source: Arstechnica

Security experts have discovered a malware platform that's so advanced in its design and execution that it could probably have been developed only with the active support of a nation state.

The malware—known alternatively as "ProjectSauron" by researchers from Kaspersky Lab and "Remsec" by their counterparts from Symantec—has been active since at least 2011 and has been discovered on 30 or so targets. Its ability to operate undetected for five years is a testament to its creators, who clearly studied other state-sponsored hacking groups in an attempt to replicate their advances and avoid their mistakes. State-sponsored groups have been responsible for malware like the Stuxnet- or National Security Agency-linked Flame, Duqu, and Regin. Much of ProjectSauron resides solely in computer memory and was written in the form of Binary Large Objects, making it hard to detect using antivirus.

Part of what makes ProjectSauron's so impressive is its ability to collect data from air-gapped computers. To do this, it uses specially prepared USB storage drives that have a virtual file system that isn't viewable by the Windows operating system. To infected computers, the removable drives appear to be approved devices, but behind the scenes are several hundred megabytes reserved for storing data that is kept on the air-gapped machines. The arrangement works even against computers in which data-loss prevention software blocks the use of unknown USB drives.

Kaspersky researchers still aren't sure precisely how the USB-enabled exfiltration works. The presence of the invisible storage area doesn't in itself allow attackers to seize control of air-gapped computers. The researchers suspect the capability is used only in rare cases and requires use of a zero-day exploit that has yet to be discovered. In all, Project Sauron is made up of at least 50 modules that can be mixed and matched to suit the objectives of each individual infection.

Read more: http://arstechnica.com/security/2016/08/researchers-crack-open-unusually-advanced-malware-that-hid-for-5-years/


The ability to jump the gap is crazy stuff.
InfoView thread info, including edit history TrashPut this thread in your Trash Can (My DU » Trash Can) BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks) 12 replies, 4258 views
ShareGet links to this post and/or share on social media AlertAlert this post for a rule violation PowersThere are no powers you can use on this post EditCannot edit other people's posts ReplyReply to this post EditCannot edit other people's posts Rec (28) ReplyReply to this post
12 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Researchers crack open unusually advanced malware that hid for 5 years [View all] NWCorona Aug 2016 OP
There was a BIOS hack that allowed air-gap control via infrasonic signals Recursion Aug 2016 #1
Agreed! The technology that's coming on line is both scary and amazing NWCorona Aug 2016 #9
Aliens, obviously. truthisfreedom Aug 2016 #2
5 years is an eternity in Tech Moliere Aug 2016 #3
It didn't "jump the gap" spinbaby Aug 2016 #4
Yeah you are right. that term can be viewed a few ways. That's why I left off the word "air" NWCorona Aug 2016 #10
Lazy or careless cannabis_flower Aug 2016 #11
Epoxy, and... reACTIONary Aug 2016 #12
So was it depending on a physical USB drive or was it creating a cstanleytech Aug 2016 #5
Sounds like it was coopting part of a separate USB drive's memory. Igel Aug 2016 #6
Windows operating system FigTree Aug 2016 #7
You can find examples Plucketeer Aug 2016 #8
Latest Discussions»Latest Breaking News»Researchers crack open un...
Home | Latest Discussions | Greatest Discussions | Latest Videos | All Forums

About | Copyright | Privacy | Terms of service | Contact

In Memoriam

© 2001 - 2024 Democratic Underground, LLC. Thank you for visiting.