Experts Discovered Cyber Weapon Authored by French Hackers

Cbronline.com reported on 19th February, 2015 that security researchers have analyzed a piece of malware nicknamed 'Babar' and found that it was apparently developed by French hackers as a cyber-weapon.

Babar, a name referencing an elephant, was first mentioned in documents from the Canadian intelligence agency CSEC (Communications Security Establishment Canada) leaked by Edward Snowden. Le Monde (a French daily evening newspaper) published the documents, and Der Spiegel, a popular German weekly news magazine, later published them with few redactions.

The malware was linked to a spying exercise code-named Snowglobe, which also spawned an apparently related Remote Access Trojan code-named EvilBunny. Canadian spies discovered in November 2009 that implants related to Snowglobe are more advanced than Babar itself.

The feature set of Babar includes clipboard logging, keystroke logging, screenshot capture and, more unusually, the capability of logging audio conversations held via Yahoo or Skype. It can also inject code into running processes and steal files. Babar is a full-blown spying tool, but on the whole it is not different from cybercrime tools such as the Zeus family of banking Trojans.

Its use of Tor to communicate and its other covert features make Babar more advanced than common-or-garden cybercrime tools.

Security researchers find that the malware doing the spying consists of two parts: a dropper and a Trojan.

Softpedia.com published news on 19th February, 2015 quoting Marion Marschalek, malware analyst at security firm Cyphort, as saying "Babar does not feature strong anti-analysis measures."

Her analysis says that it is not protected by a runtime packer or crypter, that it does not have sandbox detection or anti-debugging measures, and that most character strings are shown in clear text.

Cyphort adds more information about the malicious tool, showing two command and control (C&C) servers available in the configuration file. One of them is a genuine website of an Algerian travel agency which is currently online, and the other is a Turkish domain presently displaying an access forbidden error (403).

The researchers did not make any attribution, although the general opinion about Babar is that it is a product of a state-sponsored initiative, and GDATA says that the assertion that a 'French intelligence community' is responsible remains unchanged.

» SPAMfighter News - 2/26/2015
