Monday, 6 July 2015

Iran Confirms Attack By Advanced Dino-Malware

Iran has been the target of sophisticated Dino malware which this week by the Slovak anti-virus company ESET revealed , but strategic centers would not be infected by the spy virus. That leaves the head of Iran's Computer Emergency Response Team Coordination Center (CERTCC) against the Iranian state news agency Mehr know .

Dino, as the malware is referred to by ESET, would be made by French-speaking developers and are part of a family of other espionage viruses. The virus fighter points to the wording of the error messages in the malware code as well as the language of the compiler that was used to compile with the malware. Analyst Joan Calvet does not rule out that this may be done intentionally to leave a false trail, but thinks that the malware authors in this case really forgot to adjust the language settings in the malware.

The malware itself is described as a "complex backdoor Trojan" that is used for spying purposes. How the malware spreads is to ESET a mystery, but the virus fighter thinks Dino was installed by another program. Once active, the malware as a primary purpose to steal files from infected computers. This allows the attackers to a very detailed way to find interesting files. Also regarding the victims of Dino is little known, except that they are in Iran.

It showed ESET slide show of a spy program Canadian secret service called Snowglobe ( pdf ) that has become public via Edward Snowden. The slide called several Iranian targets of the spying program, including universities and the Iranian Atomic Energy Organization. Whether these goals actually Dino infected remains an open question, since the head of the CERTCC denies that the malware was able to infect strategic centers.

No comments:

Post a Comment