Russian Ouroboros malware devours American files



G Data describes the Uroburos rootkit, which burrows deep into a Windows operating system, steals files and transmits them back to its overseers.

What makes Uroburos interesting is that it appears to be built to target high-security installations. The malware requires an Internet connection to transmit data, but not to spread. As long as computers are connected via a network, Uroburos can replicate itself and funnel files back to an Internet-connected system for transmission.

One slight consolation is that everyday users probably need not worry about Uroburos. Because of its complexity, its designers probably want it to target government and corporate installations rather than individual users. On the flip side, the malware is extremely difficult to detect and researchers are still not certain about how it spreads.

G Data asserts that the advanced rootkit is very similar to another one called Agent.BTZ that made the rounds against the U.S. government in 2008. Combined with a Russian-language piece of Uroburos code, these similarities suggest that the creators of the malware are either Russian, or wish to pin the blame on Russians.

Because of its complexity, it's not possible to detect or eradicate Uroburos through conventional means. Average users need not worry, but big corporations or government centers might want to monitor their network transmissions very closely for any irregularities. Formatting a system is inconvenient, but it's preferable to shady cybercriminals getting their hands on your sensitive data.

 
