Former USSR countries hit by malware attacks

Posted by Emma Woollacott

Trend Micro security researchers say they've discovered a major series of malware attacks targeting systems in Russia and other former Soviet states.

The company says the advanced persistent threat (APT) attacks hit nearly 1,500 computers in countries including Russia, Kazakhstan and Ukraine, as well as Vietnam and India.

The 47 victims, it says, include government ministries, diplomatic missions and space agencies as well as private companies and research institutions.

Trend Micro says that some attacks were aimed at particular geographical locations, whereas others targeted specific individuals.

"Although our research didn’t reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets," say senior threat researchers David Sancho and Nart Villeneuve.
http://blog.trendmicro.com/

In total, says the company, the attackers used a command and control network of 15 domain names and 10 active IP addresses. The servers running the attack are located in the UK and the US.

The attackers used the 'Lurid Downloader' malware family, also known as 'Enfal'. Targets received an email message encouraging them to open an attached file, which contained malicious code exploiting vulnerabilities in software programs such as Adobe Reader and Microsoft Office.

The same family of malware has in the past been used to target both the US government and non-governmental organizations.

However, says Trend Micro, there don't appear to be any direct links between this particular network and previous ones.