BlackEnergy crimeware tool threatens Linux as well as Windows

In today's open source roundup: BlackEnergy malware plug-ins affect Linux and Windows systems alike, but Windows still has more of them

Malware has never been as much of a problem for Linux as it is for Windows. But BlackEnergy is a potent malware threat that has compromised Linux systems as well as Windows computers. Recently the threat posed by BlackEnergy has grown as more information has been gathered about this insidious malware.

Here's a roundup of news stories about BlackEnergy. Note that we've also changed the format of our roundups to make it easier and faster to see the stories that interest you.

Ars Technica's Dan Goodin notes BlackEnergy's new functions

According to a report published Monday by security firm Kaspersky Labs, the breadth of BlackEnergy goes even further. A host of extensions customized for both Windows and Linux systems contain commands for carrying out DoS attacks, stealing passwords, scanning ports, logging IP sources, covertly taking screenshots, gaining persistent access to command and control channels, and destroying hard drives. Researchers Kurt Baumgartner and Maria Garnaeva also acquired a version that works on ARM- and MIPS-based systems and uncovered evidence BlackEnergy has infected networking devices manufactured by Cisco Systems.

They are unsure precisely what the purpose is for some plugins, including one that gathers device instance IDs and other information on connected USB drives and another that collects details on the BIOS, motherboard, and processor of infected systems.

More at Ars Technica

Threat Post's Michael Mimoso gives Windows credit for having more BlackEnergy plugins than Linux

The list of Windows plug-ins is more diverse than for Linux: in addition to expected plug-ins designed to search for certain file types, steal passwords and certificates, and the dstr command that overwrites and destroys the hard drive with random data, researchers also discovered a backup channel that operates over Google Plus accounts.

The researchers discovered an ID in a configuration file for two Google Plus accounts, one that has been viewed 75 million times.

More at Threat Post

Computerworld's Lucian Constantin points out that BlackEnergy also attacks important governmental organizations

Aside from its apparent interest in ICS operators, the group has been known to target high-level government organizations, municipal offices, federal emergency services, national standards bodies, banks, academic research institutions, property holdings and other organizations. Victims were identified in at least 20 countries.

On Oct. 14 researchers from security firm iSight Partners released a report about one of the group's recent attack campaigns that targeted the Ukrainian government and a U.S.-based organization by leveraging a zero-day -- unpatched -- vulnerability in Microsoft Windows.

More at Computerworld

The Register's Darren Pauli hears the cry of 'f*ck U Kaspersky'

Developers of the maturing malware weapon BlackEnergy have written a personal message for Kaspersky reverse engineers and Cisco developers in new code that targets Linux and router kit.

Researchers Kurt Baumgartner (@k_sec) and Maria Garnaeva said in their analysis it contained wrappers over Cisco EXEC-commands [and] "a punchy message for Kaspersky".

More at The Register


What's your take on all this? Tell me in the comments below.


Copyright © 2014 IDG Communications, Inc.
