After Babar and Evilbunny, here comes Casper: cybersecurity firm ESET has announced its analysis of a new piece of malware that it attributes to the authors behind the Babar and Evilbunny programs. According to ESET, this new malware shares many similarities with the methods used in Evilbunny and Babar.
However, the company is cautious about any attribution to the original authors of the source code (according to the Canadian services, they are French); it merely points out the similarities between the programs and recalls the first Snowden document, which mentioned Babar and attributed authorship of the virus to the French.
As noted by Monde.fr & Screens, which had access to ESET's report on Casper, the first traces of the virus were located in Syria in 2014. The malware was also located on a Syrian government website, although ESET analysts could not determine the exact role of the latter.
The malware, named Casper after a DLL name left in the source code, has several characteristics of an attack organized by a state. First, ESET researchers noted the use of 0-day vulnerabilities in Adobe Flash software in the source code. In addition to this first indicator, analysts also noted that Casper had impressive capabilities, with implementation strategies that depend on the protections put in place on its target.
Joan Calvet, an analyst at ESET, compares this phase to a chess game that Casper plays with the antivirus, adapting its behavior to the detection strategies of the antivirus programs identified on the machine. "The possibilities offered by this feature show in-depth knowledge of the various antiviruses' detection behavior," notes the specialist.
Once the strategy is decided, Casper contacts its Command & Control server to receive new instructions to execute, while uploading as much information as possible about the targeted computer. Because the server is offline, ESET analysts are not able to detail the malware's final capabilities, but they note that it has a modular architecture that allows it to take on new features.
Without making progress on the authorship of the source code, ESET analysts associate Casper with Babar and Evilbunny: first, the "obfuscation" methods the various malware use to hide their activity on the machine are similar, as is the strategy of adapting behavior to the antivirus installed on the target. Casper also has similarities with the malware Nbot, which shared these traits with Babar according to the findings of Cyphort analysts.