Agent.BTZ spyware hit Europe hard after U.S. military attack - security firm

BOSTON Thu Mar 13, 2014 4:00am IST

Related Topics


A statue of the Ganesh, the deity of prosperity, is carried in a taxi to a place of worship on the first day of the ten-day-long Ganesh Chaturthi festival in Mumbai August 29, 2014. REUTERS/Danish Siddiqui

Ganesh Chaturthi

During Ganesh Chaturthi idols will be taken through the streets in a procession accompanied by dancing and singing, and will be immersed in a river or the sea in accordance with Hindu faith.  Slideshow 

BOSTON (Reuters) - A mysterious computer virus believed to be from Russia infected hundreds of thousands of PCs around the globe after attacking the U.S. military's Central Command in an unprecedented breach uncovered in 2008, according to the details of new research released on Wednesday.

Costin Raiu, director of research at Moscow-based Kaspersky Lab, told Reuters on Wednesday that at least 400,000 computers across Russia and Europe were infected with the virus, dubbed Agent.BTZ, based on the number of infections detected by his firm's anti-virus software.

He said he believes the operators of Agent.BTZ have since stopped communicating with the virus after infections peaked around 2011.

Not much data has been previously released on the virus, so the research from Kaspersky Lab may shed new light on how sophisticated cyber espionage operations are conducted.

Still, Raiu said Kaspersky published its analysis on the attacks because it believes they are likely linked to a sophisticated ongoing operation known as Turla, which is targeting hundreds of government computers across Europe and the United States.

The largest number of infections by Agent.BTZ was in the Russian Federation, followed by Spain and Italy, Raiu said. Other victims were found in Kazakhstan, Germany, Poland, Latvia, Lithuania, the United Kingdom and Ukraine.

Details on the attack on the U.S. Central Command, which in 2008 was in charge of the conflicts in both Iraq and Afghanistan, have been deemed as classified by the Pentagon, so very little has been reported to date.

U.S. officials have said a foreign spy agency was responsible for the 2008 attack, which occurred when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East. But they have never publicly singled out a particular country.

Experts inside and outside of the U.S. government have told Reuters they strongly suspect that Agent.BTZ was the work of Russian intelligence. Moscow has never confirmed those suspicions and Russia's Federal Security Bureau last week declined to comment when asked about their cyber espionage programs.

Agent.BTZ has been widely described as a software worm used for espionage, yet Raiu said his firm's analysis shows that it is "not optimized for data stealing."

He told Reuters it was programmed to infect large numbers of computers via USB drives, then create profiles describing the systems it had infected to be sent back to its creators.

When its operators identify targets of interest, such as a military network, they would use Agent.BTZ to gain remote control of the system and install other tools, such as software for identifying and stealing data, according to Raiu.

"It's like a cannon. You fire it everywhere and maybe you get lucky," he said. "When you do, you deploy some more advanced levels on top of that."

He said that he believes the group behind Agent.BTZ was also behind Turla, spyware that has infected hundreds of government computers across Europe and the United States in one of the most complex espionage programs uncovered to date. <ID:L6N0M43KA>

Kaspersky Lab has identified cases where a common server was used to control computers infected with Agent.BTZ and Turla. It is also aware of cases where Turla has identified computers infected with Agent.BTZ, then removed Agent.BTZ and replaced it with Turla, Raiu added.

Cybersecurity researchers around the globe are closely studying Turla and potential links to the conflict in Ukraine.

BAE Systems' (BAES.L) Applied Intelligence, the cyber arm of Britain's premier defense contractor, said on Friday that it had obtained the largest number of Turla samples from Ukraine.

(Reporting by Jim Finkle; editing by Richard Valdmanis and G Crosse)

Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

  • Most Popular
  • Most Shared


Reuters Showcase

Online Crackdown

Online Crackdown

China's Tencent shuts messaging accounts after censorship rules - state media.  Full Article 

New iPhone?

New iPhone?

Apple invites media to Sept. 9 event; new iPhones anticipated.  Full Article 

Tracking Heartbeat

Tracking Heartbeat

U.S. startups get OK for smartphone-based heart tracking.  Full Article 

Hi-Tech Watch

Hi-Tech Watch

Samsung unveils smartwatch that can make calls.  Full Article 

Bitcoin Usage

Bitcoin Usage

Bitcoin shows staying power as online merchants chase digital sparkle  Full Article 

Snapdeal Investment

Snapdeal Investment

Ratan Tata invests in online retailer Snapdeal  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device.  Full Coverage