
'Old School' Hackers Attack European Governments Using 'MiniDuke' Malware

Soulskill posted about a year and a half ago | from the you-don't-want-to-go-full-duke dept.

Security 48

puddingebola writes "The Guardian reports that hackers have been targeting officials from over 20 European governments with a new piece of malware called 'MiniDuke.' 'The cybersecurity firm Kaspersky Lab, which discovered MiniDuke, said the attackers had servers based in Panama and Turkey – but an examination of the code revealed no further clues about its origin (PDF). Governments targeted include those of Ireland, Romania, Portugal, Belgium and the Czech Republic. The malware also compromised the computers of a prominent research foundation in Hungary, two thinktanks, and an unnamed healthcare provider in the US.' Eugene Kaspersky says it's an unusual piece of malware because it's reminiscent of attacks from two decades ago. 'I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s. I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyber world.' The computers were corrupted through an Adobe PDF attachment to an email."


48 comments


emailed pdf, say it ain't so! (1)

masternerdguy (2468142) | about a year and a half ago | (#43029713)

"The computers were corrupted through an Adobe PDF attachment to an email." -- It never ends! Why is this still an attack vector? This could have been totally avoided with a little user education and decent network security policy.

Re:emailed pdf, say it ain't so! (0)

Anonymous Coward | about a year and a half ago | (#43029807)

Or adobe sucking less?

Re:emailed pdf, say it ain't so! (1)

dgatwood (11270) | about a year and a half ago | (#43029903)

This could have been totally avoided with a little user education and decent network security policy.

By which, of course, you mean banning Adobe software and blocking any attempts to download it. It seems like I'm getting Flash Player security updates about once a week [sophos.com] . On the one hand, it's good news that they're finally fixing that steaming pile of bugs, but on the other hand, it makes me wonder how many of those security holes have been secretly exploited for years, and how many of the Flash crashes I've seen over the years would have been successful attacks on some specific version of some specific OS.

Re:emailed pdf, say it ain't so! (2)

aztracker1 (702135) | about a year and a half ago | (#43030877)

I remember several years back using a flash tool that allowed reading/writing of arbitrary files on the system, back in Flash3-5 IIRC... Our use was not malicious, and it was before Flash had offline data available... we were only using it to store the active simulation/test being taken, but at that time I disabled flash on every machine outside of work I had access to. Was a colossal security hole.

Adobe's software still has an important use case. (1)

Medievalist (16032) | about a year and a half ago | (#43034941)

If you don't load Adobe software, how will you read the early episodes of Platinum Grit [platinumgrit.com] ?

I'll admit there's no other valid use case for any Adobe software, though.

Re:Adobe's software still has an important use cas (1)

EdZ (755139) | about a year and a half ago | (#43040385)

Luckily, Shadowline have all but the last volume (20) of Platinum Grit available as regular images [shadowlineonline.com] , derived from the print edition layouts.

I'm not sure whether to praise Oglaf for being hilarious, or damn it for putting the nail in the coffin of Platinum Girt.

Re:emailed pdf, say it ain't so! (2, Insightful)

Anonymous Coward | about a year and a half ago | (#43031023)

They would have been protected if they had been using Chromebooks.
Within the next 5 years, probably 75% of the world will move to this safer platform and finally most hacks will be gone.
Only power users will still be using full-on PCs.

Re:emailed pdf, say it ain't so! (1)

Anonymous Coward | about a year and a half ago | (#43031173)

Exactly. The Chromebook Renaissance will dwarf the Tonka Big Wheel Renaissance that replaced SUVs as much safer, though somewhat limited, forms of transportation.

Re:emailed pdf, say it ain't so! (0)

Anonymous Coward | about a year and a half ago | (#43031697)

LOL Tonka ftw XD

PDF attachment (5, Funny)

Anonymous Coward | about a year and a half ago | (#43029719)

Anyone else weary to click the attached PDF?

Re:PDF attachment (1)

Anonymous Coward | about a year and a half ago | (#43029787)

I'm really starting to grow weary of PDF.

What does 'PDF' stand for anyways? 'Pedo file'?

Re:PDF attachment (2, Funny)

Anonymous Coward | about a year and a half ago | (#43030387)

I'm really starting to grow weary of PDF.

What does 'PDF' stand for anyways? 'Pedo file'?

PDF: Please Don't Fuckup.

Re:PDF attachment (2)

_4rp4n3t (1617415) | about a year and a half ago | (#43031281)

I'm really starting to grow weary of PDF.

What does 'PDF' stand for anyways? 'Pedo file'?

PDF: Please Don't Fuckup.

PDF-A: Please Don't Fuckup Again

Re:PDF attachment (1)

cheater512 (783349) | about a year and a half ago | (#43029929)

Erm no? I use Linux and open PDFs with Okular.

What? You can't honestly tell me that you are using Acrobat? Even on Windows that's stupid.

Re:PDF attachment (1)

aztracker1 (702135) | about a year and a half ago | (#43030893)

Agreed.. I think it's time that Acrobat simply open in read/view only mode.. no scripts, no forms active, unless you click the warning.. similar to what MS did with Word a decade ago... I use Sumatra on windows...

Re:PDF attachment (0)

Anonymous Coward | about a year and a half ago | (#43033615)

At work there isn't really much choice. If someone sends me a PDF i'll click it. It's up to the IT department to cry me a river about it. They can cry while they try to fix the damages.

Aging hackers (4, Funny)

Grayhand (2610049) | about a year and a half ago | (#43029777)

"From Hell's retirement home I stab at thee!" Why do I get this picture of some hackers with walkers and false teeth striking out with a couple of old 8088s from their group home?

Re:Aging hackers (0)

Anonymous Coward | about a year and a half ago | (#43029835)

True hackers would build their machine out of TTL logic. ( or ECL )

Kids these days.

Get off my lawn (1)

Anonymous Coward | about a year and a half ago | (#43029989)

Back in my day we were real hackers. We modified the wooden cogs with sinew and hasps! And that is the way we liked it! You young'ns and your Edison machines! Not one bit of brains amongst any of ya!

Re:Aging hackers (1)

cameloid (120654) | about a year and a half ago | (#43030237)

Bu884 H073P

Re:Aging hackers (1, Funny)

trentfoley (226635) | about a year and a half ago | (#43031445)

8080A, Z-80, or 6502. When you've been 8-bit hacked, you stay hacked!

You and your new-fangled 16 bit processors. At least use an 8086, or even better, a moto 68k!

And, don't knock false teeth. Where else do you think I have my portable wifi hotspot installed?

Re:Aging hackers (0)

Anonymous Coward | about a year and a half ago | (#43031581)

Try http://www.oldskool.org/pc/ or http://www.fairlight.to/ ;-)

Lies of omission (0)

girlintraining (1395911) | about a year and a half ago | (#43029871)

The malware also compromised the computers of a prominent research foundation in Hungary, two thinktanks, and an unnamed healthcare provider in the US.

Yes, because anywhere but in the United States, there's no harm in publishing the names of those harmed by malware attacks. I, for one, would be interested in knowing which healthcare provider has been infiltrated, since, you know, it could be a life or death kind of thing, unlike research foundations and think tanks.

reminiscent of attacks from two decades ago? (2)

mcmonkey (96054) | about a year and a half ago | (#43029905)

These days, who gets excited over pictures of Anna Kournikova?

Re:reminiscent of attacks from two decades ago? (1)

Virtucon (127420) | about a year and a half ago | (#43030147)

As she was then? or now?

Have you seen her lately? She's still hot.

But I guess I'm in the genre that thinks Jennifer Aniston still is hot.

Re:reminiscent of attacks from two decades ago? (1)

Nidi62 (1525137) | about a year and a half ago | (#43030537)

But I guess I'm in the genre that thinks Jennifer Aniston still is hot.

When did Jennifer Aniston supposedly become unhot?

Re:reminiscent of attacks from two decades ago? (0)

Anonymous Coward | about a year and a half ago | (#43031127)

Ever.

Re:reminiscent of attacks from two decades ago? (0)

Anonymous Coward | about a year and a half ago | (#43031739)

Why the hell do people say she's hot?
She's pretty plain looking. Nothing hot there IMHO.

Re:reminiscent of attacks from two decades ago? (0)

Anonymous Coward | about a year and a half ago | (#43033681)

Perhaps that's the draw. I don't know. I think she looks hot, and will continue to do so. Even when she's 85 she's still going to be hot.

Irony (3, Funny)

Anonymous Coward | about a year and a half ago | (#43030001)

"The computers were corrupted through an Adobe PDF attachment to an email." Links to a PDF describing the attack.

Re:Irony (1)

s.petry (762400) | about a year and a half ago | (#43030101)

I thought the same thing, and reported Kaspersky to Kaspersky as a possible risk!

On the more serious side, it was pretty interesting to see an old school assembly built virus. Takes me back to the good ole days.

open a pdf on ... (4, Funny)

v1 (525388) | about a year and a half ago | (#43030223)

mac: "The pdf was corrupted and could not be opened. Try downloading again."

mac: "The pdf was corrupted and could not be opened, open in raw text view?"

windows: "This document requires age verification to view. Please verify your internet connection and enter a valid credit card number to proceed."

brain autocorrects previews apparently (1)

v1 (525388) | about a year and a half ago | (#43030243)

all typeos will be hidden despite use of preview button, but will become immediately obvious two seconds after clicking POST.

That 2nd line if you coulnd't figure it out, was supposed to start with "linux: " :P

What makes them old school? (1)

elucido (870205) | about a year and a half ago | (#43030275)

I don't understand why hacking through PDF is considered old school. Is the exploit really old?

Re:What makes them old school? (0)

Anonymous Coward | about a year and a half ago | (#43030471)

They used assembly code. Popular in the 90's due to its small size.
IMO

Re:What makes them old school? (1)

ma1wrbu5tr (1066262) | about a year and a half ago | (#43030519)

I guess because they used good old fashioned con artistry in the form of a seemingly somewhat successful spearphish. (Say that four times fast, boys and goyls!)

Fighting God? (1)

SparrowOS (2792265) | about a year and a half ago | (#43030381)

God says... C:\Text\WALDEN.TXT Nature could support but one order of understandings, could not sustain birds as well as quadrupeds, flying as well as creeping things, and hush and whoa, which Bright can understand, were the best English. As if there were safety in stupidity alone. I fear chiefly lest my expression may not be extravagant enough, may not wander far enough beyond the narrow limits of my daily experience, so as to be adequate to the truth of which I have been convinced. Extra vagance! it depends on how you are ya

What ever you do - don't mention Microsoft Windows (1)

dgharmon (2564621) | about a year and a half ago | (#43030505)

"The malware also compromised the computers of a prominent research foundation in Hungary, two thinktanks, and an unnamed healthcare provider in the US"

Is there some kind of rule on tech sites that you're not allowed to mention Microsoft Windows in relation to Windows malware?

Not hackers, I just found this on my Dad's PC.. (0)

Anonymous Coward | about a year and a half ago | (#43030515)

http://en.wikipedia.org/wiki/Virus_Creation_Laboratory

Re:Not hackers, I just found this on my Dad's PC.. (1)

trentfoley (226635) | about a year and a half ago | (#43031477)

I had lots of fun with that in the early 90's. The first time I used the tool, I created a virus with no payload - just replicating and... accidentally unleashed it on my employers network. Fortunately, being the only admin, I cleaned it up before anyone noticed - not that they would anyway. Still, thanks for the memory. And, my kids would never find such a thing on my computers! They have yet to break my encryption.

Re:Not hackers, I just found this on my Dad's PC.. (0)

Anonymous Coward | about a year and a half ago | (#43031531)

Hey Sis,
Dad still hasn't worked out we cracked his laptop. LOL.
-B

first thing I thought of (1)

inode_buddha (576844) | about a year and a half ago | (#43030901)

first thing I thought of when I saw this was, +0rc and Fravia's pages.... wow that takes me back

One decade ago (4, Insightful)

Anonymous Coward | about a year and a half ago | (#43031337)

Eugene Kaspersky says it's an unusual piece of malware because it's reminiscent of attacks from two decades ago. 'I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s.

Unless I've been asleep for a very long time, the late 90s/early 00s is one decade ago.

Re:One decade ago (0)

Anonymous Coward | about a year and a half ago | (#43031737)

Ah but you've ignored time inflation. A decade about a decade ago is now close to two decades ago in present relative terms!

That's not all but in a deacde the same decade a decade ago will count as nearly three decades!!!!1! and one decade after that anyone in their forties will already be geriatrics :O

Be quick, get your decades now before they run out!

Re:One decade ago (1)

PiRXlv (2853357) | about a year and a half ago | (#43032411)

Late 90s is about 15 years ago. Not sure it can be called two decades, but without a doubt it's more than one decade.

Say goodbye to adobe pdf reader (0)

Anonymous Coward | about a year and a half ago | (#43032367)

No more slowness and malware. You know you don't have to use it; free software alternatives:

http://pdfreaders.org/ [pdfreaders.org]

MiniDuke? (0)

Anonymous Coward | about a year and a half ago | (#43034005)

Am I the only one who now wants to see a more efficient variant of this attack called the "NanoEarl"?

Stop Executing Data (0)

Anonymous Coward | about a year and a half ago | (#43038511)

I know that I'm preaching to the choir here, but it continues to annoy me that PDFs, Flash, Office Docs, Email, etc have any ability at all to infect a machine.
Open the file, read the data, uncompress it if necessary, show it to me. IF (and that's a big if) anything wants to execute ask me before doing so. If that means a prompt every time I open a PDF because some silly thing needs to "execute", then so be it...but opening the file shouldn't execute a damn thing. It should be as benign as opening a text file. Scripting should only run after the user OK's it.

Sure, 90% of people will just click past it, but the only way to get security is to give people the ability to protect themselves. Maybe having some kind of Right Click - Safe View/Safe Mode option might be better, that way people don't have the annoyance of a popup, but have the ability to look without the risk of auto-executing BS.

Personally I use NoScript on FireFox, so I am at least attempting to browse in Safe Mode. But when I open a PDF I don't have that option. That's just asinine.
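The "safe view" idea in this comment, and aztracker1's suggestion further up that a reader should open PDFs with scripts and forms disabled by default, can also be approximated before the file ever reaches a reader: a mail gateway can triage PDF attachments for the dictionary keys that introduce active content and route the hits to a sandbox or a script-free viewer. The Python script below is an added example and is not code from the Slashdot thread, from Kaspersky's report or from any reader mentioned here. It uses only the standard library, assumes the attachment is available as raw bytes, and the four sample files in it are constructed fragments for demonstration, not complete or valid PDFs.

```python
import re
from typing import Dict, List

# PDF name keys that introduce or carry active content. A hit is a reason to
# route the attachment to a sandbox or a script-free viewer, not proof of
# malice: legitimate interactive forms use /AA and /JS too.
ACTIVE_CONTENT_NAMES = {
    "/JavaScript": "document-level JavaScript",
    "/JS": "JavaScript action body",
    "/OpenAction": "action run automatically when the file is opened",
    "/AA": "additional actions triggered by events (page open, field change)",
    "/Launch": "action that launches an external application",
    "/EmbeddedFile": "embedded file, a common carrier for a second-stage payload",
    "/RichMedia": "Flash / rich-media annotation",
}

# A PDF name token is a slash followed by regular characters; whitespace and the
# delimiters ( ) < > [ ] { } / % end it. Any byte inside a name may be written
# as #xx, which is why a plain substring search for "/JavaScript" is not enough.
_NAME_TOKEN = re.compile(rb"/([^\s()<>\[\]{}/%]*)")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so b'J#61vaScript' becomes '/JavaScript'."""
    decoded = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return "/" + decoded.decode("latin-1")


def collect_names(data: bytes) -> List[str]:
    """Every name token in the raw file, escapes decoded. This deliberately
    scans strings and stream bodies too; an occasional false positive is
    cheaper than missing a key placed somewhere unusual."""
    return [normalize_name(m.group(1)) for m in _NAME_TOKEN.finditer(data)]


def scan_pdf_bytes(data: bytes) -> Dict[str, int]:
    """Count active-content names present in the uncompressed parts of the file."""
    if not data.startswith(b"%PDF-"):
        raise ValueError("missing %PDF- header")
    hits: Dict[str, int] = {}
    for name in collect_names(data):
        if name in ACTIVE_CONTENT_NAMES:
            hits[name] = hits.get(name, 0) + 1
    return hits


def has_object_streams(data: bytes) -> bool:
    """Object streams (/Type /ObjStm) hold whole dictionaries inside compressed
    data, so a zero hit count on such a file is inconclusive until the streams
    are inflated. /FlateDecode on an ordinary content stream is normal and is
    not treated as suspicious here."""
    return "/ObjStm" in collect_names(data)


def verdict(data: bytes) -> str:
    """REVIEW: active content found. INCONCLUSIVE: none visible, but objects are
    compressed. PASS: plain file with no active-content keys."""
    if scan_pdf_bytes(data):
        return "REVIEW"
    if has_object_streams(data):
        return "INCONCLUSIVE"
    return "PASS"


# Constructed fragments for demonstration; they are not complete, valid PDFs.
BENIGN_SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Contents 4 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Length 35 >>\nstream\nBT /F1 12 Tf (Quarterly report) Tj ET\nendstream\nendobj\n"
    b"%%EOF\n"
)
ACTIVE_SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R "
    b"/OpenAction << /S /JavaScript /JS (app.alert\\(1\\)) >> >>\nendobj\n"
    b"%%EOF\n"
)
# Same structure with the two telling keys written using #xx escapes.
OBFUSCATED_SAMPLE = ACTIVE_SAMPLE.replace(b"/OpenAction", b"/O#70enAction").replace(
    b"/JavaScript", b"/J#61vaScript"
)
COMPRESSED_SAMPLE = (
    b"%PDF-1.5\n"
    b"5 0 obj\n<< /Type /ObjStm /N 2 /First 12 /Length 20 /Filter /FlateDecode >>\n"
    b"stream\n<compressed bytes omitted>\nendstream\nendobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    for label, sample in [("benign", BENIGN_SAMPLE), ("active", ACTIVE_SAMPLE),
                          ("obfuscated", OBFUSCATED_SAMPLE), ("compressed", COMPRESSED_SAMPLE)]:
        hits = scan_pdf_bytes(sample)
        reasons = ", ".join(f"{k} ({ACTIVE_CONTENT_NAMES[k]})" for k in hits) or "none"
        print(f"{label:10s} {verdict(sample):12s} {reasons}")
```

Two design points matter in practice. Names are compared after decoding #xx escapes because the PDF syntax allows any byte of a name to be written that way, so a scanner that only greps for the literal string would pass the obfuscated sample. And the script returns INCONCLUSIVE rather than PASS when it sees object streams, since from PDF 1.5 onward whole object dictionaries can sit inside compressed data; a gateway that wants a real PASS verdict has to inflate those streams (zlib for /FlateDecode) and rescan the result, or hand the file to a proper parser.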
