“Red October” Malware Targets Governments Worldwide

January 14th, 2013 | Categories: Malware, Security

Kaspersky Labs has discovered new malware, called Red October or Rocra, that targets members of governments, political groups, and research institutions. This malware mostly targets Eastern Europe, former USSR members, and Central Asia, with a few sightings in North America.

The malware is sent via a spear-phishing email which, according to the firm, targets carefully selected victims within an organization. The infected files contain at least three different exploits for Microsoft Excel and Word; once downloaded, they drop a trojan onto the machine, which then scans the local network to detect whether any other devices are vulnerable to the same security flaw.

The malware drops modules, usually as .dll libraries, that can complete a number of “tasks.” An infected machine obeys commands sent by the command center and then immediately discards the evidence. Separated into “persistent” and “one-time” tasks, these modules let the malware spy and steal in a number of ways, including:

• Waiting for a Microsoft Office or PDF document and executing a malicious payload embedded in that document;
• Creating one-way covert channels of communication;
• Recording keystrokes and making screenshots;
• Retrieving e-mail messages and attachments;
• Collecting general software and hardware environment information;
• Extracting browsing history from Chrome, Firefox, Internet Explorer, Opera, and saving passwords;
• Extracting Windows account hashes;
• Extracting Outlook account information;
• Performing network scans and dumping configuration data from Cisco devices if available.

Some .exe services remain running in the background and wait for a phone to connect. So far it appears to target Microsoft’s Windows Phone, Nokia phones, and the Apple iPhone.

Find more information at CNet.


One Comment

  1. Robert Russell (@mindfrost82) January 14, 2013 at 6:52 pm

    Blog Post: “Red October” Malware Targets Governments Worldwide http://t.co/t4vwU40C
