For those with the Red October espionage virus, there is a free removal tool from Bitdefender; download it via this link: http://download.bitdefender.com/removal_tools/RedOctoberRemovalTool.exe (Rocra has been infecting computers undetected for approx. 5 years).
Read about this malware here: http://www.securelist.com/en/blog/785/The_Red_October_Campaign_An_Advanced_Cyber_Espionage_Network_Targeting_Diplomatic_and_Government_Agencies (link to the article from GReAT, Kaspersky Lab Expert).
Proliferation of this worldwide threat: http://www.securelist.com/en/images/pictures/klblog/797.png
polonus
Hi Polonus,
Is there a high possibility of other minor variants of malware that have remained undetected for years? Flame, for example?
“Why Red October malware is the Swiss Army knife of espionage” by Dan Goodin:
http://arstechnica.com/security/2013/01/why-red-october-malware-is-the-swiss-army-knife-of-espionage/
~!Donovan
Hi !Donovan,
Thanks for your observations and link.
Right you are with your analysis that the malcode abused and re-infected compromised code that remained sitting on computers as leftovers from earlier infections, as well as existing unpatched OS and third-party software holes, to be abused through these crafted attacks. That is why I have installed ZeroVulnerability Exploit Shield, which protects against these zero-day manipulations. For instance, it will block javaw.exe from launching Java without a console window, because that is basically insecure. I also advise users to completely scan their browser file location after they have ended a browser session, and to completely empty the browser history and cache from time to time.
If certain attack code is not being shared, then the malcode can function undetected and unnoticed for quite some time. Kaspersky may over-emphasize this issue a bit, but they sure have some points where Rocra is concerned.
polonus