Newly discovered malware targets routers

The attack begins with the malware replacing a library file with a malicious version used to download other components.

Cyber security specialist Kaspersky Lab has claimed to have discovered what it described as a highly sophisticated cyberespionage campaign called Slingshot, which could have been active for six years. The functionality is highly valuable and profitable for the attackers, which could explain why it has been around for at least six years.

Security researchers at Kaspersky Lab discovered the malware, nicknamed Slingshot, that targets MikroTik routers through a multi-layer attack utilised to spy on users' PCs. Considering Slingshot has access to sensitive data, it's not worth brushing off if there's a possibility the system you're using could be infected.

"The malware is highly advanced, solving all sorts of problems from a technical perspective and often in a very elegant way, combining older and newer components in a thoroughly thought-through, long-term operation, something to expect from a top-notch well-resourced actor". So yeah, it's pretty damn smart. Slingshot is also capable of accessing the data on an infected machine's hard drive or internal memory due to the ability to access an operating system's kernel level.

Two areas which Kaspersky believes to be particularly advanced are a kernel mode module called Cahnadr and GollumApp, a user mode module.

The infected computers were located primarily in Kenya and Yemen, but also in Afghanistan, Libya, Congo, Jordan, Turkey, Iraq, Sudan, Somalia, and Tanzania. However, we would tenuously speculate that the malware may have come from Western state-actors and was used to snoop on nations known to be hotspots of conflict, insurgency, or illicit activity.

Kaspersky didn't speculate as to why machines in these nations were targeted, but the organisation noted that debug messages were written in perfect English.

Slingshot appeared to spread through routers designed by Latvian company MikroTik, although Kaspersky has noted that other techniques, such as the exploitation of zero-day vulnerabilities, could have helped spread the threat.

Chinese security company Qihoo 360 has detected over 10,000 distributed denial-of-service (DDoS) attacks launched through misconfigured Memcached servers over the past week.

Kaspersky doesn't have any specifics of how Slingshot appeared on MikroTik routers, but it looks like the router's Winbox configuration utility was exploited to load dynamic link library files. Slingshot also kept malware files separate from an infected machine's file system, which helped keep it away from the noses of anti-virus software.

Slingshot protects itself by storing all of its malware files within an encrypted virtual file system and by encrypting every text string used in its modules.

Slingshot appears to have been active as far back as 2012 thanks to its suite of encryption and security-bypassing techniques. "Its infection vector is remarkable - and, to the best of our knowledge, unique", the researchers write in the report, released Friday.

Users of MikroTik routers are advised to update to the latest software. We doubt the average Joe has to worry about the malware given it looks like it was acutely targeted.
