G DATA Publishes Analysis of Cyber-espionage Programs
Bochum, Germany (PRWEB) January 16, 2015 -- Targeted cyber-attacks on government institutions, businesses and international organisations have increased in recent years. Malware is the weapon of choice. For seven years, G DATA has followed the development of one of the most well-known malicious programs: Agent.BTZ. In 2008, the malware strain was deployed in a cyber attack on the Pentagon in the USA. In 2014, it was noted that the Uroburos spyware program had attacked both the Belgian and the Finnish Foreign Ministries. In November 2014, ComRAT (Agent.BTZ’s successor) was discovered and analyzed in detail, revealing technical similarities with the Uroburos rootkit. In all malware samples, G DATA security experts found similarities and cumulative programming code. But how do perpetrators approach the concept of cyber-espionage weapons? To illustrate how a highly complex spyware program is developed, the experts investigated Agent.BTZ and Com-RAT more closely - in total 46 different samples from a seven year period were analyzed.
Minor changes to the software
Until version 3.00 in 2012, the G DATA security experts detected only minor changes to the software over the years. Modifications for Windows versions were made, programming errors were eliminated and disguising methods were added. The biggest update took place in version 3.00 of the RAT. However, the attackers' methods are not completely clear. The security experts suspect that well-trained developers, who know how to cover their tracks, are behind the malware.
The G DATA analysts are sure that the group behind Uroburos, Agent.BTZ and ComRAT continues to be active in the malware and APT (Advanced Persistent Threat) area. The latest disclosures and links lead to speculation that even more attacks can be expected in the future.
The detailed analysis of the complex spyware program is described:
https://blog.gdatasoftware.com/blog/article/evolution-of-sophisticated-spyware-from-agentbtz-to-comrat.html
G DATA experts have analyzed the successor to Agent.BTZ, ComRAT: https://blog.gdatasoftware.com/blog/article/the-uroburos-case-new-sophisticated-rat-identified.html
The hijacking of COM objects is investigated in more detail at the G DATA SecurityBlog:
https://blog.gdatasoftware.com/blog/article/com-object-hijacking-the-discreet-way-of-persistence.html
About G DATA
IT security was invented in Germany: G DATA Software AG is the antivirus pioneer. It was 30 years ago that the company, founded in Bochum, in 1985, developed the first program to combat computer viruses. These days, G DATA is one of the world's leading providers of IT security solutions.
For sales inquiries in North America please contact http://www.contronex.com
Thorsten Urbanski, G DATA Software AG, http://www.gdata-software.com, +49 2349762239, [email protected]
Share this article