Avira users are protected against the MiniDuke Malware

If you live on this planet, you have surely heard of the new malware that is making use of a zero-day vulnerability in Adobe Reader.

This malware is called MiniDuke, and it is slowly but surely becoming the nightmare of any company:

  • it is polymorphic – there are thousands of variants in the wild.
  • it is using an exploit in a highly popular software product – Adobe Reader.
  • it starts its actions only after the operating system is rebooted, so the infection cannot easily be associated with something the user did just before it.
  • the malware copies itself multiple times on the computer, so cleaning it is rather complex.
  • it makes connections to various Command and Control (C&C) servers around the world, so it can’t be stopped simply by shutting down a few of these servers.
  • it can dynamically find other C&C servers using simple Google searches.
  • it uses Twitter to spread links to other C&C servers.
  • it disguises the download of the real malware payload by first downloading GIF files (small icons).


All Avira users are protected and the malicious files are detected as

– EXP/MiniDukeGif.A – exploited GIF samples

– EXP/MiniDuke.A – exploited PDF samples

– TR/MiniDuke.A – the payload binaries

We were able to detect components used in MiniDuke in other malware dating from 2010. Due to the high complexity, the analysis of the samples continues and an update will be posted here.

Because of the huge number of exploit samples, we are currently working on a generic exploit detection for the PDF and GIF files.
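One building block of such a generic check, for the GIF side, is to walk the file's real block structure and see whether anything is hiding behind the trailer. The snippet below is an added example written for this post; it is not Avira's detection code and it does not reproduce how the actual MiniDuke GIFs carried their payload (the post does not say). It assumes only that a disguised download keeps a structurally valid GIF in front of the payload, so any bytes after the 0x3B trailer are suspicious, and an "MZ" prefix there is a strong signal. The sample GIFs are constructed inline; the function and variable names are the author's choices, not names from the original post.

```python
"""Flag GIF files that carry extra data after the GIF trailer (added example, not Avira's engine)."""
import math
from collections import Counter

GIF_SIGNATURES = (b"GIF87a", b"GIF89a")
TRAILER = 0x3B               # ';' ends every well-formed GIF
IMAGE_SEPARATOR = 0x2C       # ','
EXTENSION_INTRODUCER = 0x21  # '!'


class GifParseError(ValueError):
    """Raised when the bytes are not a structurally valid GIF."""


def _skip_sub_blocks(data: bytes, pos: int) -> int:
    """Walk a chain of length-prefixed sub-blocks; return the offset after the 0x00 terminator."""
    while True:
        if pos >= len(data):
            raise GifParseError("truncated sub-block chain")
        size = data[pos]
        pos += 1
        if size == 0:
            return pos
        pos += size


def gif_end_offset(data: bytes) -> int:
    """Parse the GIF block structure and return the offset of the first byte after the trailer."""
    if len(data) < 13 or data[:6] not in GIF_SIGNATURES:
        raise GifParseError("missing GIF signature")
    packed = data[10]  # logical screen descriptor flags
    pos = 13
    if packed & 0x80:  # global color table present: 3 bytes per entry, 2^(n+1) entries
        pos += 3 * (2 ** ((packed & 0x07) + 1))
    while True:
        if pos >= len(data):
            raise GifParseError("no trailer found")
        block = data[pos]
        if block == TRAILER:
            return pos + 1
        if block == EXTENSION_INTRODUCER:
            pos = _skip_sub_blocks(data, pos + 2)  # skip introducer and label byte
        elif block == IMAGE_SEPARATOR:
            if pos + 10 > len(data):
                raise GifParseError("truncated image descriptor")
            local_packed = data[pos + 9]
            pos += 10
            if local_packed & 0x80:  # local color table
                pos += 3 * (2 ** ((local_packed & 0x07) + 1))
            pos += 1  # LZW minimum code size
            pos = _skip_sub_blocks(data, pos)
        else:
            raise GifParseError(f"unknown block type 0x{block:02x} at offset {pos}")


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; packed or encrypted payloads sit near 8, plain stubs much lower."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def inspect_gif(data: bytes) -> dict:
    """Return what, if anything, follows the GIF trailer."""
    end = gif_end_offset(data)
    trailing = data[end:]
    return {
        "gif_end": end,
        "trailing_bytes": len(trailing),
        "trailing_starts_with_mz": trailing[:2] == b"MZ",
        "trailing_entropy": shannon_entropy(trailing),
        "suspicious": len(trailing) > 0,
    }


# Constructed sample: a valid 1x1 GIF89a, 35 bytes, nothing appended.
CLEAN_GIF = (
    b"GIF89a"                      # signature + version
    + b"\x01\x00\x01\x00"          # logical screen 1x1
    + b"\x80\x00\x00"              # flags: global color table with 2 entries; bg index; aspect
    + b"\x00\x00\x00\xff\xff\xff"  # global color table (black, white)
    + b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"  # image descriptor, no local table
    + b"\x02"                      # LZW minimum code size
    + b"\x02\x44\x01"              # one data sub-block
    + b"\x00"                      # sub-block terminator
    + b"\x3b"                      # trailer
)

# Constructed sample: same icon with a fake PE stub appended after the trailer.
STOWAWAY_GIF = CLEAN_GIF + b"MZ" + b"\x90" * 62 + b"PE\x00\x00"

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, inspect_gif(fh.read()))
```

Run it as `python inspect_gif.py icon.gif` to print the verdict for real files. Note the design choice: the parser follows the GIF grammar rather than searching for the last 0x3B, because a 0x3B byte can legitimately appear inside color tables or LZW sub-blocks; only the trailer reached by walking the blocks is the real end of the image.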


Sorin Mustaca

IT Security Expert

via Avira – TechBlog http://techblog.avira.com/2013/02/28/avira-users-are-protected-against-the-miniduke-malware/en/


© Copyright 2013 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.mustaca.com for the IT Consulting services I offer.
Visit www.itsecuritynews.info for latest security news in English
Visit http://de.itsecuritynews.info for IT security news in German

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, has been working in the IT Security industry since 2000 and worked for Avira from 2003 to 2014 as Product Manager for the well-known products used by over 100 million users world-wide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He also runs his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security.
