Kaspersky Lab employees found an almost "unkillable" computer virus

Several new computer viruses are discovered on the World Wide Web almost every day. It is very rare for a virus to be practically impossible to remove, and rarer still for one to hide from antivirus developers for years. Yet, according to a recent report from Kaspersky Lab specialists, they have detected just such a virus: it is almost impossible to eliminate, and it has been "working" since 2012.

The malware was named Slingshot and was used for targeted attacks on specific users. The virus can log keystrokes, send screenshots, and intercept network traffic, passwords and other data before they are encrypted. Moreover, its operation does not cause any errors in the system kernel. It was also established how the virus was injected into the system: through a vulnerability in MikroTik routers. The manufacturer has already released new firmware, but Kaspersky Lab admits that the virus may use other infection vectors as well. Having penetrated the router, the virus replaces one of the DLL libraries with a malicious one, which is loaded into the computer's memory at startup. The malicious DLL thus launches on the computer and connects to a remote server to download the Slingshot program itself. As the experts noted, the malware consists of two parts: Cahnadr (a kernel-mode module) and GollumApp (a user-mode module), designed to collect information, maintain persistence on the system and steal data. According to Kaspersky Lab's employees,

"The Cahnadr module, also known as NDriver, has anti-debugging, rootkit and traffic-analysis functions, the installation of other modules and much more. Written in the C programming language, Cahnadr provides full access to the hard disk and RAM despite the security limitations of the device, and monitors the integrity of various system components to avoid detection by security systems."

The virus's high level of protection against detection also deserves separate mention. For example, another of its modules is called Spork. It collects information about the OS and which antivirus products are installed on it, and depending on this, the virus uses different methods of infection.

"For example, the virus used an encrypted virtual file system that was created in an unused part of the hard drive. This solution is very complex, and Slingshot is almost the only virus equipped with this technology. Moreover, every text string in the virus's modules is encrypted."

It has not yet been possible to determine who wrote the virus, but, as Engadget writes, analysis of the code suggests that the malicious software was most likely created by English-speaking programmers. It is also reported that the main victims of the attackers were a number of governmental organizations in Kenya, Yemen, Libya, Afghanistan, Iraq, Tanzania, Jordan, Mauritius, Somalia, the Democratic Republic of the Congo, Turkey, Sudan and the United Arab Emirates.

This article is based on material from https://hi-news.ru/computers/sotrudniki-laboratorii-kasperskogo-nashli-neubivaemyj-kompyuternyj-virus.html.