New Rocra Spies on Government Agencies Worldwide
Kaspersky Lab, the Russian security company, has discovered 'Rocra' (short for 'Red October'), a recently identified cyber-espionage malware that targets government organizations worldwide. The malware has reportedly evaded security detection for five years, since its creation in 2007, and remains in use today.
Kaspersky explains that after collecting data and confidential investigation details from PCs, network equipment and mobile devices, Rocra transmits them to a number of central command-and-control (C&C) servers, an infrastructure whose complexity rivals that of the sophisticated 'Flame' malware.
The typical channel through which Rocra spreads is spear-phishing e-mail aimed at selected users inside government organizations. The e-mails carry malicious attachments, Microsoft Word or Excel documents containing one of roughly three separate exploits. Opening such a document triggers the exploit and drops a Trojan onto the victim's computer, which then scans other PCs on the network to spot any machine susceptible to the same software vulnerability.
Furthermore, the Trojan installs modules, normally in the form of .DLL libraries, on the target computer that carry out a range of tasks: the infected PC receives and executes commands from the C&C servers while removing any evidence of that activity. The malware divides its tasks into 'one-time' and 'persistent' ones, which lets it spy and steal through multiple methods, Kaspersky explains.
Interestingly, the malware also carries a 'resurrection' module that lets it remain hidden on a computer from which it appears to have been erased.
Remarking on this particular capability of Rocra, Prof. Alan Woodward of the University of Surrey stated that when the malware was detected, it concealed itself. And when everybody thought there was no longer a problem, all that was required for it to return and become active again was to send a special e-mail, he added. Computerworld.com published this on January 14, 2013.
Notably, Rocra has so far shown no connection with other complex malicious programs such as Gauss, Flame or Duqu.
And though the perpetrators of the campaign are not definitively known, clues point to Chinese hackers as the probable creators of the exploits, while the malware itself appears to be the work of Russian-speaking developers.
SPAMfighter News - 18-01-2013