
Sophisticated Spyware Finally Discovered

Written By   Eric Woodard, CISSP
August 19, 2016 Cyber Security

Symantec and Kaspersky Lab last week separately announced the discovery of a highly sophisticated advanced persistent threat that had eluded security researchers for at least five years.

A previously unknown group called “Strider” has been using Remsec, an advanced tool that seems to be designed primarily for spying. Its code contains a reference to Sauron, the main villain in The Lord of the Rings, according to Symantec.

The APT spyware is called “ProjectSauron” or “Strider” in Kaspersky’s report.

The malware has been active since at least October 2011, Symantec said. It obtained a sample after its behavioral engine detected it on a customer’s systems.

Kaspersky found out about ProjectSauron when its software caught an executable library registered as a Windows password filter loaded in the memory of a Windows domain controller. The library had access to sensitive data in cleartext.

“Learning that some sophisticated malware has been running in your infrastructure for half a decade without detection is certainly painful,” said Sándor Bálint, security lead for applied data science at Balabit.

“Installing antivirus software and running a personal firewall provide only a bare minimum of protection,” he told TechNewsWorld.

 

Strider’s Moves

The spyware is modular, and it includes a network monitor. It can deploy custom modules as required. It opens backdoors on infected computers, and it can log keystrokes and steal files.

Its modules create a framework that provides complete control over an infected computer, Symantec said, moving across a network and stealing data.

Encryption is heavily used to prevent detection, as are stealth features. Several components are in the form of executable Binary Large OBjects, or blobs, which are difficult for traditional antivirus software to detect, according to Symantec.

Further, much of the spyware’s functionality is deployed over the network, so it resides only in a computer’s memory and not on disk — again, making detection difficult.

 

To read the full article click here.

Source: TechNewsWorld

 

Tags: Cyber Security, Cybercrime, Malware
Eric Woodard

Eric is the owner and CEO of Protek Support and is a CISSP (Certified Information Systems Security Professional). He graduated from Utah State University with a Bachelor of Science degree in Business with an emphasis in Information Technology (IT). He is an IT services expert in a variety of technology-related fields, including document management software and hardware, enterprise-level networking and VoIP phone systems, large-scale software implementation projects, and the setup of small business networks.
