Russian Uroburos Malware Devours American Files
The Ouroboros of classical antiquity was a serpent locked in a perpetual cycle devouring its own tail. Taking a page out of the old wyrm's book, the Uroburos malware seeks to engulf whole networks, possibly as part of a Russian espionage plot against the United States.
Although Uroburos seems to have been around since 2011, researchers at the German security firm G Data discovered it only recently. In a blog post, G Data describes the Uroburos rootkit, which burrows deep into a Windows operating systems, steals files and transmits them back to its overseers.
What makes Uroburos interesting is that it appears to be built to target high-security installations. The malware requires an Internet connection to transmit data, but not to spread. As long as computers are connected via a network, Uroburos can replicate itself and funnel files back to an Internet-connected system for transmission.
One slight consolation is that everyday users probably need not worry about Uroburos. Because of its complexity, its designers probably want it to target government and corporate installations rather than individual users. On the flip side, the malware is extremely difficult to detect and researchers are still not certain about how it spreads.
G Data asserts that the advanced rootkit is very similar to another one called Agent.BTZ that made the rounds against the U.S. government in 2008. Combined with a Russian-language piece of Uroburos code, these similarities suggest that the creators of the malware are either Russian, or wish to pin the blame on Russians.
Because of its complexity, it's not possible to detect or eradicate Uroburos through conventional means. Average users need not worry, but big corporations or government centers might want to monitor their network transmissions very closely for any irregularities. Formatting a system is inconvenient, but it's preferable to shady cybercriminals getting their hands on your sensitive data.