Another Nation State Sponsored Trojan?

Ars Technica reported yesterday on a very sophisticated trojan that, they say, has been around since 2008, went dark in 2011 and came back in 2013.

The trojan comprises 5 stages, all but the first of which are encrypted and are decrypted serially to avoid detection.

The interesting part about it is that it apparently is a framework with plugins to attack everything from your keyboard to your mouse to a radio base station.  The link above has more details and a graphic showing the architecture of this thing.  It seems to be very sophisticated.

Supposedly, there have only been around 100 known infections – but do we really know? – mostly inside ISPs.  Symantec suggests that this was done not to spy on the ISP, but rather on their customers.

Now that the cat is out of the bag, I am sure we will hear more in the coming days.  This could be another Stuxnet.

Mitch
