By Nick Farrell
Security experts from BAE have released a report claiming that the mysterious Uroburos malware which was recently found by German experts has been switched on in the Ukraine.
Uroburos rootkit burrows deep into a Windows operating systems, steals files and transmits them back to its masters. It is built to target high-security installations. The malware requires an Internet connection to transmit data, but not to spread. As long as computers are connected via a network, Uroburos can replicate itself and funnel files back to an Internet-connected system for transmission.
According to the report, the malware has actually been in development since at least 2005 and the research suggests that Uroburos’ authors and operators are committed and well-funded professionals.
Not found in Russia
The malware has been found mostly in Eastern Europe, but also in the US, UK and other Western European countries. Curiously, it is not being seen at all in Russia. Now there is some concern that it might has been activated recently to paralyse computers in the Ukraine.
The country appears to be submitting the most Uroburos related malware samples is the Ukraine, which means that the rootkit has been sitting below the radar and has only recently been spotted working.
BAE said that there have been at least 22 attacks launched against Ukrainian computer systems since January 2013 and a significant uptick in Uroburos-related malware submissions from the country this year.
- You can read the BAE report on PDF here