Skip navigation
Help

Bizarre old-school spyware attacks governments, sports Mark of the Beast


One of the Twitter feeds MiniDuke-infected machines use to locate a command-and-control server.

Kaspersky Lab

Unidentified attackers have infected government agencies and organizations in 23 countries with highly advanced malware that uses low-level code to stay hidden and Twitter and Google to ensure it always has a way to receive updates.

MiniDuke, as researchers from Kaspersky Lab and Hungary-based CrySyS Lab have dubbed the threat, bears the hallmark of viruses first encountered in the mid-1990s, when shadowy groups such as 29A engineered innovative pieces of malware for fun and then documented them in an E-Zine by the same name. Because MiniDuke is written in assembly language, most of its computer files are tiny. Its use of multiple levels of encryption and clever coding tricks makes the malware hard to detect and reverse engineer. It also employs a method known as steganography, in which updates received from control servers are stashed inside image files.

In another testament to the skill of the attackers, MiniDuke has taken hold of government agencies, think tanks, a US-based healthcare provider, and other high-profile organizations using the first known exploit to pierce the security sandbox in Adobe Systems' Reader application. Adding intrigue to this, the MiniDuke exploit code contained references to Dante Alighieri's Divine Comedy and also alluded to 666, the Mark of the Beast discussed in a verse from the Book of Revelation.

Read 11 remaining paragraphs | Comments