
Super-Sophisticated Spyware Has Been Discovered After Undetected Five-Year Run


After spending a half-decade operating undetected, an APT (advanced persistent threat) known as “ProjectSauron” has been uncovered by both Symantec and Kaspersky Lab. A group called “Strider” has been using Remsec, an advanced tool that appears to have been designed for spying.

According to Symantec, the malware has been active since at least October 2011. Symantec became aware of ProjectSauron when its behavioural engine detected the malware on a customer’s systems. Kaspersky’s software detected the malware on a Windows domain controller, as an executable library registered as a Windows password filter.
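Because the malware was found registered as a password filter, a useful defensive check is to list which DLLs a host has registered for that role. The script below is an added example, not code from this article, Symantec or Kaspersky; the `$baseline` list is an assumption to replace with your own approved entries.

```powershell
# Added example: list the DLLs registered as LSA password filters and flag
# entries that are outside a baseline, missing on disk, or not validly signed.
# Run in a 64-bit PowerShell session on the host being checked.

$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Assumption: expected entries for this environment. 'scecli' is the usual
# Windows default; replace the list with your own approved baseline.
$baseline = @('scecli')

# "Notification Packages" is a REG_MULTI_SZ value, returned as a string array.
$packages = @((Get-ItemProperty -Path $lsaKey -Name 'Notification Packages').'Notification Packages') |
    Where-Object { $_ }

$report = foreach ($name in $packages) {
    # Password filters are registered by name and loaded from System32.
    $file = if ($name -match '\.dll$') { $name } else { "$name.dll" }
    $path = Join-Path $env:SystemRoot "System32\$file"
    $item = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    $sig  = if ($item) { Get-AuthenticodeSignature -FilePath $path } else { $null }

    [pscustomobject]@{
        Package     = $name
        InBaseline  = $baseline -contains $name
        Path        = $path
        Exists      = [bool]$item
        Signature   = if ($sig) { $sig.Status } else { 'n/a' }
        Signer      = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        LastWritten = if ($item) { $item.LastWriteTimeUtc } else { $null }
    }
}

$report | Format-Table -AutoSize

# Anything outside the baseline, missing on disk, or not validly signed needs review.
$report |
    Where-Object { -not $_.InBaseline -or -not $_.Exists -or $_.Signature -ne 'Valid' } |
    ForEach-Object { Write-Warning "Review password filter: $($_.Package) ($($_.Path))" }
```

Some older PowerShell versions do not check catalog signatures, so a legitimate system DLL can show as NotSigned there; treat a warning as a prompt for manual verification. Domain controllers are the priority hosts for this check, since that is where the article says the malware was found.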

Spyware

The spyware can deploy custom modules as required, and has a network monitor. Once it has infected a system, it can open backdoors, log keystrokes, and steal files. It is heavily encrypted, allowing it to avoid detection as it takes control, moving across the network and stealing data. As many of its functions are deployed over the network, it resides only in the computer’s memory, not on disk. This, along with the fact that several components are in the form of Binary Large Objects, makes it extremely difficult for antivirus software to detect.

So far, evidence of a ProjectSauron infection has been detected in 36 computers by Symantec, spanning seven separate organizations in Russia, China, Sweden, and Belgium, as well as individuals’ PCs in Russia. Kaspersky has found more than 30 infections across Russia, Iran, and Rwanda, and suspects that Italy may also have been targeted.

Both Symantec and Kaspersky have suggested that a nation-state may be behind this APT. Kaspersky has collected 28 domains and 11 IP addresses in the US and Europe that may be connected to ProjectSauron campaigns. While it appears that the spyware has gone dark, no one can confirm whether or not Strider’s efforts have ceased. If Strider is in fact a nation-state attacker, these infections will likely continue to crop up.

The fact that ProjectSauron operates by mimicking a password filter module is yet another indication that it may be time for technology users worldwide to move away from relying on passwords, favoring instead biometrics and other more sophisticated security measures.

Need more information on how to best protect your data, devices and business against malware? Contact PC Help Services at (317) 585-0500 or info@pchservices.com with your questions. We’re the trusted IT professionals for businesses in {area}.

Alexssa

