Internet threat level: 1
Apr 11 2013
The study shed light on the activities of a group that has persistently targeted online gaming companies for several years.
Jan 17 2013
“Red October”. Detailed Malware Description 1. First Stage of Attack
Based on the analysis of known cases, we identified two main ways through which Backdoor.Win32.Sputnik infects the victims
Jan 17 2013
“Red October”. Detailed Malware Description 2. Second Stage of Attack
Most of the tasks are provided as one-time PE DLL libraries that are received from the server, executed in memory and then immediately discarded
Jan 17 2013
“Red October”. Detailed Malware Description 3. Second Stage of Attack
The packer disrupts basic software breakpoints and some api hooking techniques, because it decrypts the original exe’s section contents onto heaps in-memory
Jan 17 2013
“Red October”. Detailed Malware Description 4. Second Stage of Attack
Files with the extension ".bak" are treated differently. They are decrypted using a custom AMPRNG algorithm with a hardcoded key, then decompressed using LZMA
Jan 17 2013
“Red October”. Detailed Malware Description 5. Second Stage of Attack
In the Device notification callback function, the module logs each connection and disconnection event. When a device is connected, it starts a new thread that manipulates this device
Jan 14 2013
"Red October" Diplomatic Cyber Attacks Investigation
In October 2012, Kaspersky Lab’s Global Research & Analysis Team initiated a new threat research after a series of attacks against computer networks of various international diplomatic service agencies
© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.