Almost every day, new computer viruses are discovered on the World Wide Web. It is very rare for a virus to be impossible to destroy, and rarer still for one to hide from anti-virus developers for years. But according to a recent report by experts at Kaspersky Lab, they have detected just such a virus: it is almost impossible to destroy, and it has been "working" since 2012.
The virus has been named Slingshot and is used for targeted spying on users. It can log keystrokes, send screenshots, and intercept traffic, passwords and all data before they are encrypted. Moreover, the virus's operation does not cause any errors in the system kernel. The researchers also managed to figure out how the virus was introduced into the system: through a vulnerability in MikroTik routers. The manufacturer has already released new firmware, but Kaspersky Lab admits that the virus may use other ways of getting in. After penetrating the router, the virus replaces one of the DLLs with a malicious one, which is loaded into the computer's memory at startup. The malicious DLL then runs on the computer and connects to a remote server to download the Slingshot program. As the experts note, the malware consists of two parts, the Cahnadr module (kernel mode) and the GollumApp module (user mode), which are designed to collect information, maintain presence on the system and steal data. According to Kaspersky Lab:
“The Cahnadr module, also known as NDriver, has the functions of entitled, rootkit and traffic analysis, setup, other modules and more. Written in the C programming language, Cahnadr provides full access to the hard drive and RAM, despite the limitations of the security unit, and performs integrity monitoring of various system components to avoid detection by security systems.”
The virus's high level of protection against detection also deserves special mention. For example, another of its modules is called Spork. It collects information about the OS and which antivirus is installed on it. Depending on this, the virus uses different methods of infection.
“For example, the virus used an encrypted virtual file system, which was created in an unused part of the hard drive. This solution is very complex, and Slingshot is almost the only virus that is equipped with such technology. Moreover, each text string in the units of the virus is encrypted.”
Who authored the virus has not yet been established, but according to Engadget, code analysis suggests that the malware was most likely created by English-speaking programmers. It is also reported that the main victims of the hackers were a number of government organizations in Kenya, Yemen, Libya, Afghanistan, Iraq, Tanzania, Jordan, Mauritius, Somalia, the Democratic Republic of the Congo, Turkey, Sudan and the United Arab Emirates.