The Latest in IT Security

Avira users are protected against the MiniDuke Malware

28
Feb
2013

If you live on this planet, you must have definitely have heard of the new malware that is making use of a zero-day vulnerability in Adobe Reader.

This malware is called MiniDuke, and it is slowly but surely becoming the nightmare of any company:

  • it is polymorphic – there are thousands of variants in the wild.
  • it is using an exploit in a highly popular software product – Adobe Reader.
  • it starts its actions once the operating system is rebooted, so it cannot be easily associated with an action which the user did just before the infection.
  • the malware copies itself multiple times on the computer, so the cleaning it is rather complex.
  • it makes connections to various Comand and Control (C&C) servers around the world, so it can’t be easily stopped just by shutting down of few of these servers.
  • it can dynamically find other C&C servers using simple Google searches.
  • it uses Twitter to spread links to other C&C servers.
  • it obfuscates the downloads of the real payload containing the malware by downloading first GIF files (small icons)

exploit_code

All Avira users are protected and the malicious files are detected as

– EXP/MiniDukeGif.A – exploited GIF samples

– EXP/MiniDuke.A – exploited PDF samples

– TR/MiniDuke.A – the payload binaries

We were able to detect components used in MiniDuke in other malware dating from 2010. Due to the high complexity, the analysis of the samples continues and an update will be posted here.

Because of the huge number of exploit samples currently we’re working on a generic exploit detection for the PDF and GIF files.

Sorin Mustaca

IT Security Expert

Leave a reply


Categories

TUESDAY, SEPTEMBER 29, 2020
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments