Security researchers uncover three-year-old 'RUSSIAN SPYware'

Security researchers have discovered a complex and sophisticated piece of data-stealing malware they suggest may well be the work of state-sponsored hackers in Russia. The Uroburos rootkit, named after a mythical serpent or dragon that ate its own tail – and a sequence of characters concealed deep within the malware’s code ( …

COMMENTS

  1. All names Taken

    Don't be daft!

    Big Ruski threat appears at time of big Ruski threat in a nation not too far (okay Ukraine pronounced Ooo-kra-ine-eh to the initiated otherwise to the historical Brit mind warp) does not make sense.

    This may shock you but Russia is a very responsible nation that takes its military and political and economic strengths very seriously.

    You don't think it (Ruski I mean) lost many, many, many more lives than the UK, Europe and USA combined in '39 - '45 without some serious reflection during and afterwards? No?

    It is probably NSA or GCHQ playing with you.

    edit: or Conservative Party in form of Foreign Office playing with you

    1. I ain't Spartacus

      Re: Don't be daft!

      Russia has an extremely competent and well funded spying agency. It also has some excellent computer skills, as well as quite a lot of effective cyber-criminals. Why would anyone be surprised if Russia was spying online, along with every other nation that's capable of it?

      1. Wzrd1

        Re: Don't be daft!

        "Russia has an extremely competent and well funded spying agency."

        True enough, they also contract out with RBN for "services rendered", such as the Georgia attacks.

        But, Agent.BTZ wasn't Russian, it was PRC Army written and operated.

        We'll suffice it to say that US operatives know quite a lot about who did what to whom, when and how.

    2. Anonymous Coward

      Re: Don't be daft!

      "This may shock you but Russia is a very responsible nation that takes its military and political and economic strengths very seriously."

      Unlike human rights, or the rule of law.

    3. Anonymous Coward

      Re: Don't be daft!@ All names Taken

      "You don't think it (Ruski I mean) lost many, many, many more lives than the UK, Europe and USA combined in '39 - '45 without some serious reflection during and afterwards? "

      And what form did that reflection take? Evidently they missed the obvious conclusion of "Don't be a sh*theaded dictatorship, and don't sign non-aggression pacts with sh*theaded dictatorships".

      We might also point out that about a third of Ruski deaths were due to your own gulags, and a third due to the incompetent management of agriculture leading to mass starvation.

      But hey, ho, I don't care about Ukraine. You feel free for your shorty dictator to strut his stuff, intimidate the easily cowed, and show why your country is neither trustworthy nor respected.

      1. Destroy All Monsters

        Re: Don't be daft!@ All names Taken

        TUNE OUT THE WAR PARTY

        Putin’s actions, though unsettling, are not irrational.

        After he won the competition for Ukraine to join his customs union, by bumping a timid EU out of the game with $15 billion cash offer plus subsidized oil and gas to Kiev, he saw his victory stolen.

        Crowds formed in Maidan Square, set up barricades, battled police with clubs and Molotov cocktails, forced the elected president Viktor Yanukovych into one capitulation after another, and then overthrew him, ran him out of the country, impeached him, seized parliament, downgraded the Russian language, and declared Ukraine part of Europe.

        To Americans this may look like democracy in action. To Moscow it has the aspect of a successful Beer Hall Putsch, with even Western journalists conceding there were neo-Nazis in Maidan Square.

        1. I ain't Spartacus

          Re: Don't be daft!@ All names Taken

          After he won the competition for Ukraine to join his customs union...[snip]...he saw his victory stolen.

          If that really is a valid version of the Russian government's opinion then they need to grow the fuck up.

          Firstly it's not a game. Secondly democracy isn't about elections. It's about legitimacy. It's about creating enough trust in the system that the losing side is willing to accept the result of their loss, and to accept the winning side as legitimate. The Ukrainian government failed in this, due to being monumentally corrupt and incompetent. They also didn't help by using machineguns and snipers on (mostly) peaceful protesters.

          Putin may not understand this, as it's what he probably would have done. But earlier in his rule (in his first terms as President), he was a lot more subtle about wielding power than he now is. He played more at being the democrat, and found it easier to rig the system. Probably because he was genuinely incredibly popular back then. Which I suspect he isn't any more.

          The lot who are in power in Ukraine now would possibly have made the same mistakes, leading to Eastern Ukraine and Crimea splitting off anyway. But we may never know now, as Russia invaded first.

          A lot of Putin's victories are pyrrhic though. Maybe he's happy if he destroys Ukraine, but when they have to default on the $30-odd billion they owe Russia, he may be less happy. It'll probably also take out a couple of big Russian banks - plus even more Russian money will flee to Cyprus, London, NY etc. Russia needs the West. Sure we may need their gas, but their economy collapses if they don't sell it. Equally their own population don't trust their economy, and won't leave their savings in it, and foreign investors are becoming increasingly less willing to get involved, as they keep seeing their money stolen. The Russian Central Bank has been going through about $7 billion of reserves a week, trying to keep the ruble from collapsing and causing massive inflation. That's probably going to get worse now. Remember Putin was popular for 2 reasons. Firstly that he stood for stability and growth in the once chaotic economy. And secondly for being a tough-guy nationalist. I rather suspect the second will look less peachy if it fucks up the first. As Clinton said, "It's the economy stoopid."

  2. Andrew Oakley

    Which OS?

    Can't see where the article tells me which operating system this malware affects. Shall I just have a wild guess at Microsoft Windows?

    1. Flawless101

      Re: Which OS?

      Here it is from the linked article:

      Uroburos supports 32-bit and 64-bit Microsoft Windows systems. Due to the complexity of this malware and the supposed spying techniques used by it, we assume that this rootkit targets governments, research institutes, or/and big companies.

      1. Uffish

        Re: Which OS?

        ... but can it run on Wine?

        1. Wzrd1

          Re: Which OS?

          "... but can it run on Wine?"

          With some tweaking, if it's half like Agent.BTZ.

    2. Anonymous Coward

      Re: Which OS?

      Not exactly a hard guess seeing as Linux desktop share is still at 1% - and will be even less in standardised environments like companies / governments.

      1. Wzrd1

        Re: Which OS?

        Not *quite* true. Linux desktop penetration is slightly greater, but as a server the penetration is much, much higher. The US government also has support contracts with RedHat.

  3. All names Taken

    Until proven otherwise...

    ... this is a ruse?

    1. Uffish

      Re: Until proven otherwise...

      Until proven otherwise this is very probably Russian spyware, proudly made in Russia, by Russians, for Russia and without any need for help from any other country. And due to our own activities we can't get too angry about it.

      1. Wzrd1

        Re: Until proven otherwise...

        "And due to our own activities we can't get too angry about it."

        Agent.BTZ was Chinese, run by the PRC Army. It directly targeted US DoD assets. Other PRC based compromises were plentiful between 2005-present, with Russian compromises as well.

        Frankly, the only nation I'm aware of who doesn't have cyber-espionage and cyber-warfare units is Somalia.

        There are no saints, but there are loads and loads of sinners out there. Not just the US with its massive data scoops running all over the place attempting to find terrorists.

  4. Anonymous Coward

    Only on Windows...

    ... could there be such obfuscation. On a *nix system you just couldn't hide something like that for so long.

    1. Anonymous Coward

      Re: Only on Windows...

      That would be because of Windows' more powerful security model - you can properly separate drivers from the kernel under Windows... But it does also mean that more advanced techniques can be required to detect root kits.

      Of course, this root kit possibility largely goes away with recent Windows versions and the trusted boot technology.

    2. Kanhef

      Re: Only on Windows...

      Maybe not quite as well, but you can hide *nix malware fairly well using similar techniques. Keep most of the payload, scratch files, etc. in an encrypted virtual file system; to anyone else it looks like a regular binary file. The only exposed part would just open the VFS and load the rest of the code; give this a name confusingly similar to a known daemon, and it could easily be overlooked. It may not be as easy as it is on Windows, but don't say it can't be done.

  5. Anonymous Coward

    When did Eset become German?

    They're Slovakian, or they have been for the last 7 years I've used them.....

    Nice ninja edit, but this said Eset was the German company when first published.....

    1. Destroy All Monsters

      Re: When did Eset become German?

      It was The Other Annexion ... that John Kerry DIDN'T yap loudly about.

  6. Destroy All Monsters

    Tlön, Uqbar, Orbis Tertius.

    From the report:

    Another interesting notion: The exact spelling, Uroburos, can even be found in a webcomic called Homestuck. In this interactive webcomic, the reader/player needs two codes to receive virtual magic objects (called juju). Those two codes are in fact uROBuROS and UrobUros. We can notice that the uppercase and lowercase character order matches the string found within the malware code.

    "Not bad. Some pretty good stuff you got there!"

  7. Vociferous

    The Russians are still behind the curve.

    Free hint for the Russians: disguise your spykits as DRM. Then no one will touch it even when it's detected.

  8. Anonymous Coward

    too trusting the lot of you

    All these unproven assumptions that spooks work for their countries/empires. During Cold War Russian and Yank spooks socialised together in the outer suburbs of respective empires as only insiders to the game could understand the game and commiserate. Could ruskis and yank spookeries be spying on everyone in their own interests and exchanging info as required ? Would not be first time the guardians sold the emporership off to highest bidder. Both states are largely run by unelected secretive cabals.

  9. Sebastian A

    What bothers me the most

    is that nations on any side don't seem to be in a rush to set up a set of rules around cyberwarfare like this. It's the wild west and they seem happy to keep it that way.

    Until someone's powergrid collapses I guess. THEN there'll be some hurried steps to put together a set of Digital Geneva Conventions.

  10. Anonymous Coward

    Ban this LEnix malware now !
