Miniduke

From Botnets.fr

Botnet: MiniDuke
Malware:
Botnet/malware group:
Exploit kits:
Services:
Feature:
Distribution vector:
Target:
Origin:
Campaign:
Operation/Working group:
Vulnerability:
CCProtocol:
Date: 2013 / 2013-02-27
Editor/Conference: CrySyS Lab
Link: http://blog.crysys.hu/2013/02/miniduke/ (blog.crysys.hu; archive copy available)
Author:
Type: Blogpost

Abstract

Earlier in February 2013, FireEye announced the discovery of a new malware that exploited a 0-day vulnerability in Adobe Reader. Now, we announce another, as yet unknown malware that exploits the same Adobe Reader vulnerability (CVE-2013-0640).

This new malware was named Miniduke by Kaspersky Labs, with whom we carried out its first analysis. Our participation in this research was justified by a detected Hungarian incident. A detailed report on the results of our joint efforts has been published by Kaspersky Labs on their Securelist blog site. That report describes what we currently know about the operation of Miniduke, including its stages, and also information on the C&C infrastructure and communications. We have published another report from CrySyS Lab that contains information on the indicators of Miniduke infections and gives specific hints on its detection. This blog entry is a brief excerpt of our report.

Bibtex

 @misc{CrySySLab2013BFR1311,
   editor = {CrySyS Lab},
   author = {},
   title = {Miniduke},
   day = {27},
   month = feb,
   year = {2013},
   howpublished = {\url{http://blog.crysys.hu/2013/02/miniduke/}},
 }