Information Security News mailing list archives

Mystery ComRAT cyber-surveillance tool still going strong, researchers confirm


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 21 Jan 2015 08:39:17 +0000 (UTC)

http://www.techworld.com/news/security/mystery-comrat-cyber-surveillance-tool-still-going-strong-researchers-confirm-3594612/

By John E Dunn
Techworld.com
Jan 20, 2015

Security experts seem no nearer to confirming the nation state behind the long-running Uroburos (aka ‘Snake’ or ‘Turla’) cyberweapon (Russia), but according to German security firm G Data, its developers are still hard at work.

The rootkit’s existence was firmed up last March when BAE Systems, G Data and Kaspersky published separate research suggesting it had been used to compromise large enterprises and government networks for years. Its predecessor, Agent.BTZ, was successfully used against the US military in 2008.

G Data has continued researching the software, with a new blog note offering a fuller development and version history for what is clearly a major intelligence-gathering and compromise platform of which Uroburos was only one component.

Of the 46 samples looked at, the earliest detection was version 1.5 in June 2007, and the series runs right up to a new RAT, ComRAT, discovered in 2014. BAE Systems believes this platform goes back even further, to 2005, which would make it the oldest nation state malware currently known about (Stuxnet probably didn’t get going until 2006).

[...]
