Thursday 19 February 2015

Desert Falcons Malware: "Million Files Stolen By Rtlo-Trick And RAR Attachments"


A group of cyber spies has managed, through various social engineering tricks, to infect more than 3,000 computers and steal about 1 million files. One or more infections were also observed in the Netherlands, anti-virus firm Kaspersky Lab reports.

The attackers, who are believed to operate from the Middle East, were after political and military intelligence. Several tricks were used to infect victims. Spear phishing e-mails were sent with RAR files attached; these RAR archives contained SCR and EXE files. The attackers also used a trick involving shortcuts.

Targets were sent a RAR file that, when extracted, yielded several files, including two .doc files. One of them, however, was a shortcut; once a user opened the shortcut, the malware was executed. Another trick was the use of RTLO, which stands for Right-to-Left Override: a special Unicode character that causes the following characters of a filename to be displayed in reverse order.

This makes SexyPictureGirlAl[rtlo]gpj.exe appear in Windows as SexyPictureGirlAlexe.jpg. In these attacks the malware used RTLO to pose as a PDF document, complete with the matching icon, while it was in fact an executable SCR file. Users can recognize RTLO attacks by switching Windows folders to the details view, which shows the file type next to the file name; in this case it would have said the file was an application.
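The display trick above can be checked mechanically. The following Python script is an added example, not code from the article or from Kaspersky Lab: it scans filenames for Unicode bidirectional control characters, simulates how a name containing U+202E is drawn (everything after the override is shown reversed, which is the effect described above), and compares the displayed extension with the extension the operating system actually uses. The sample filenames are constructed here; the set of executable extensions is an assumption that covers the SCR, EXE and shortcut (.lnk) files the article mentions.

```python
"""Detect Right-to-Left Override (RTLO) filename spoofing.

Added example for the article above; not the article's or Kaspersky's code.
"""
import unicodedata

# Bidirectional classes of the Unicode control characters that can reorder
# how a string is drawn (overrides, embeddings, isolates and their terminators).
BIDI_CONTROL_CLASSES = {"LRE", "RLE", "LRO", "RLO", "LRI", "RLI", "FSI", "PDF", "PDI"}

# Extensions Windows treats as executable. Assumption for this example;
# .scr (screensaver) and .lnk (shortcut) are the two the article describes.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".lnk", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def simulate_display(name: str) -> str:
    """Approximate how a bidi-aware file manager shows the name.

    Simplification (assumption): only U+202E (RIGHT-TO-LEFT OVERRIDE) is modelled,
    and every character after it is drawn in reverse order.
    """
    idx = name.find("\u202e")
    if idx == -1:
        return name
    return name[:idx] + name[idx + 1:][::-1]


def true_extension(name: str) -> str:
    """Extension the OS will use: the text after the last '.' in the raw name."""
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def analyze_filename(name: str) -> dict:
    """Report the visible name, the real extension and whether the two disagree."""
    controls = [unicodedata.name(c, "U+%04X" % ord(c))
                for c in name if unicodedata.bidirectional(c) in BIDI_CONTROL_CLASSES]
    displayed = simulate_display(name)
    real_ext = true_extension(name)
    shown_ext = true_extension(displayed)
    return {
        "raw": name,
        "displayed": displayed,
        "bidi_controls": controls,
        "true_extension": real_ext,
        "displayed_extension": shown_ext,
        "executable": real_ext in EXECUTABLE_EXTENSIONS,
        # Suspicious: a bidi control is present and the extension the user sees
        # is not the extension the OS will execute.
        "suspicious": bool(controls) and real_ext in EXECUTABLE_EXTENSIONS and real_ext != shown_ext,
    }


def scan_names(names):
    """Return the analyses of every name that looks like an RTLO spoof."""
    return [r for r in (analyze_filename(n) for n in names) if r["suspicious"]]


if __name__ == "__main__":
    # Constructed sample archive listing: the article's example, a benign document,
    # and a screensaver executable dressed up as a PDF.
    sample = [
        "SexyPictureGirlAl\u202egpj.exe",
        "report.doc",
        "invoice\u202efdp.scr",
    ]
    for hit in scan_names(sample):
        print("%-32s shown as %-28s really %s (%s)" % (
            hit["raw"].replace("\u202e", "[rtlo]"), hit["displayed"],
            hit["true_extension"], ", ".join(hit["bidi_controls"])))
```

Running the script lists the two spoofed names with their displayed form and their real extension; a mail gateway or archive scanner can apply the same check to attachment names before a user ever sees the rendered version.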

The attackers were also active on Facebook, where they approached targets through the social network. Once trust had been won, RAR files containing malware were sent. Facebook was also used for large-scale infections among activists and political figures: messages were posted there pointing to malicious pages where malware was offered. In other cases the attackers led users to a page with a supposedly censored video; to view it, a "RealPlayer plug-in" was offered for installation. The file offered was in fact malware.


After newly infected computers were added, targets were divided into groups. Next, a list of all XLS, DOC, JPG and WAV files on the hard drive and on connected USB sticks was sent to the attackers, who then connected to the computer to steal the photos and images they found interesting. Chats and screenshots were also collected. Depending on the target, surveillance was then intensified or discontinued. In total the attackers managed to steal more than 800,000 files from hard drives and more than 80,000 files from USB sticks.

