Massive malware attacks uncovered in former USSR

Security firm Trend Micro has uncovered a series of large-scale and continuing attacks, using a malware downloader called Lurid, against nearly 1,500 computers in 61 countries.

The 1,465 victims of the so-called 'advanced persistent threat' (APT) attacks are mostly situated in former Soviet republics including Russia, Kazakhstan and Ukraine, and include government ministries and diplomatic missions as well as state-led space agency systems.

"This particular campaign comprised over 300 malicious, targeted attacks, monitored by the attackers using a unique identifier embedded in the associated malware," Trend's security director Rik Ferguson wrote in a research document detailing the attacks.

"In total, the attackers used a command-and-control [C&C] network of 15 domain names associated with the attackers and 10 active IP addresses to maintain persistent control over the 1,465 victims."

The 'Lurid' downloader is part of a malware family known as 'Enfal', although previous Enfal-based attacks have targeted US government agencies.

Rather than using previously unknown 'zero day' exploits, the attackers took advantage of a number of tried-and-tested vulnerabilities in Adobe Reader and "compressed RAR files containing malicious screen savers" to execute their malware payload - though Ferguson warned:

"While we have not located any samples used in these campaigns that contain zero-day exploits, the campaign identifiers used by the attackers do make reference to the use of such exploits."

According to Ferguson, the attacks may have enabled their perpetrators to steal data from compromised computers, including spreadsheets and other documents.

Trend has so far been unable to determine the source of the attacks.