MiniDuke Malware Exploits Adobe Flaw, Uses Twitter

Dennis Faas

A newly discovered form of malware can reportedly spread via malicious PDF documents. An infected system can then be controlled via Twitter.

Called 'MiniDuke' by security experts, it appears the malware is still very active.

Russian security company Kaspersky Lab, which recently discovered MiniDuke, said that recovered fragments of the malware had been created as recently as February 20, 2013. That has led Kaspersky researchers to suggest that MiniDuke is still being used to attack computer systems.

Hackers Capitalize on Adobe Flaw

The malware is reportedly being spread in the form of malicious PDF documents (likely distributed via emails). Kaspersky Lab researchers say that the software itself is quite tiny -- just 20 kilobytes in size.

Researchers add that the malware takes advantage of a vulnerability in Adobe Reader software (versions 9 through 11) which has since been patched. However, it's likely many Adobe users have not yet applied the fix and remain vulnerable to attack. (Source: pcworld.com)

By exploiting the Reader flaw, hackers are able to install a downloader on a victim's PC. This gives them a backdoor through which they can remotely access the compromised PC.

Twitter Used to Expand Infection

Once a computer is infected, the attack code tells the PC to contact Twitter accounts controlled by MiniDuke operators. This allows the malware creators to use Twitter to relay instructions to the infected computer.

Instructions are sent in the form of GIF image files. Once these files make their way onto a compromised system, they extend control of the PC and allow the malware creators to install new and more sinister types of malicious software.

Security experts say that this is a remarkably advanced form of attack that is difficult to detect and remove.

"This model is flexible and enables the operators to constantly change how their backdoors retrieve further commands or malcode as needed," Kaspersky researchers noted in a recent report. (Source: informationweek.com)

Luckily, it does not appear as though MiniDuke has spread too far. At this point there have been just 59 reported infections in 23 countries, including the United States, Brazil, Israel, Japan, and much of Europe.
