Russian Government Making Spyware?

This past week the German company G Data Security has claimed that the Russian government is behind the latest malware titled “Uroburos”. They claim that it is one of the most advanced rootkits that they have analyzed, consisting of a driver and a virtual file system. It is particularly dangerous, they say, because it can embed itself in the computer covertly and then new functions can be added to the malware later on.

The Uroburos rootkit is one of the most advanced rootkits we have ever analyzed in this environment. The oldest driver we identified was compiled in 2011, which means that the campaign remained undiscovered for at least three years.

G Data Security claims that the program behavior, the file names, and the presence of Cyrillic words are evidence that the Russian government was a participant in the creation of this malware. Another key piece of evidence is that Uroburos looks for “Agent.BTZ” on the infected computer. Agent.BTZ is extremely malicious malware that was created in Russia and directed at the Pentagon; however, it was never linked conclusively to the Russian government.

The last known government-sponsored malware was the Stuxnet worm, which aimed to infiltrate nuclear facility software and was created by the United States and Israeli governments.

There are very few governments involved with creating and distributing malware, says Mikko Hypponen, a Chief Technology Officer at F-Secure.

Because of the advanced nature of the malware, G Data suspects that it is tied to intelligence agencies.

The development of a framework like Uroburos is a huge investment. The development team behind this malware obviously comprises highly skilled computer experts, as you can infer from the structure and the advanced design of the rootkit. We believe that the team behind Uroburos has continued working on even more advanced variants, which are still to be discovered.

Uroburos supports 32-bit and 64-bit Microsoft Windows systems. Due to the complexity of this malware and the supposed spying techniques used by it, we assume that this rootkit targets governments, research institutes, or/and big companies.


About the Author

Roger Feinstein has grown up with computers his entire life and strives to help others understand what goes on behind the scenes in their PCs. He's been writing tech articles for websites for over 5 years.
