Agent.BTZ spyware hit Europe hard after U.S. military attack - security firm

BOSTON Thu Mar 13, 2014 4:00am IST

Related Topics

Stocks

   

BOSTON (Reuters) - A mysterious computer virus believed to be from Russia infected hundreds of thousands of PCs around the globe after attacking the U.S. military's Central Command in an unprecedented breach uncovered in 2008, according to the details of new research released on Wednesday.

Costin Raiu, director of research at Moscow-based Kaspersky Lab, told Reuters on Wednesday that at least 400,000 computers across Russia and Europe were infected with the virus, dubbed Agent.BTZ, based on the number of infections detected by his firm's anti-virus software.

He said he believes the operators of Agent.BTZ have since stopped communicating with the virus after infections peaked around 2011.

Not much data has been previously released on the virus, so the research from Kaspersky Lab may shed new light on how sophisticated cyber espionage operations are conducted.

Still, Raiu said Kaspersky published its analysis on the attacks because it believes they are likely linked to a sophisticated ongoing operation known as Turla, which is targeting hundreds of government computers across Europe and the United States.

The largest number of infections by Agent.BTZ was in the Russian Federation, followed by Spain and Italy, Raiu said. Other victims were found in Kazakhstan, Germany, Poland, Latvia, Lithuania, the United Kingdom and Ukraine.

Details on the attack on the U.S. Central Command, which in 2008 was in charge of the conflicts in both Iraq and Afghanistan, have been deemed as classified by the Pentagon, so very little has been reported to date.

U.S. officials have said a foreign spy agency was responsible for the 2008 attack, which occurred when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East. But they have never publicly singled out a particular country.

Experts inside and outside of the U.S. government have told Reuters they strongly suspect that Agent.BTZ was the work of Russian intelligence. Moscow has never confirmed those suspicions and Russia's Federal Security Bureau last week declined to comment when asked about their cyber espionage programs.

Agent.BTZ has been widely described as a software worm used for espionage, yet Raiu said his firm's analysis shows that it is "not optimized for data stealing."

He told Reuters it was programmed to infect large numbers of computers via USB drives, then create profiles describing the systems it had infected to be sent back to its creators.

When its operators identify targets of interest, such as a military network, they would use Agent.BTZ to gain remote control of the system and install other tools, such as software for identifying and stealing data, according to Raiu.

"It's like a cannon. You fire it everywhere and maybe you get lucky," he said. "When you do, you deploy some more advanced levels on top of that."

He said that he believes the group behind Agent.BTZ was also behind Turla, spyware that has infected hundreds of government computers across Europe and the United States in one of the most complex espionage programs uncovered to date. <ID:L6N0M43KA>

Kaspersky Lab has identified cases where a common server was used to control computers infected with Agent.BTZ and Turla. It is also aware of cases where Turla has identified computers infected with Agent.BTZ, then removed Agent.BTZ and replaced it with Turla, Raiu added.

Cybersecurity researchers around the globe are closely studying Turla and potential links to the conflict in Ukraine.

BAE Systems' (BAES.L) Applied Intelligence, the cyber arm of Britain's premier defense contractor, said on Friday that it had obtained the largest number of Turla samples from Ukraine.

(Reporting by Jim Finkle; editing by Richard Valdmanis and G Crosse)

FILED UNDER:
Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

  • Most Popular
  • Most Shared

APPLE

A shattered large glass panel, part of Apple's cube store on Fifth Avenue, damaged from the results of the snowstorm on Tuesday is seen in New York, January 22, 2014. REUTERS/Shannon Stapleton/Files

Apple e-book settlement gets court nod

Apple Inc won preliminary court approval for its $450 million settlement of claims it harmed consumers by conspiring with publishers to raise e-book prices. In approving the accord, U.S. District Judge overcame concerns she had expressed over a settlement provision allowing Apple to pay just $70 million if related litigation were to drag out.  Full Article 

Reuters Showcase

Patent Battles

Patent Battles

Microsoft sues Samsung in U.S. over patent royalties.  Full Article 

Facebook Back Up

Facebook Back Up

Facebook restores service after outage in many countries.  Full Article 

LinkdIn Growth

LinkdIn Growth

LinkedIn's hiring business seen key to growth  Full Article 

HP Settlement

HP Settlement

Hewlett-Packard to pay $32.5 million to settle USPS pricing case  Full Article 

Digital Teleporting

Digital Teleporting

Film world's cast of toys teleport into digital playground   Full Article 

China Hacking?

China Hacking?

Hacking attack in Canada bears signs of Chinese army unit - expert  Full Article 

P2i IPO

P2i IPO

Start-up behind 'dunkable' phone technology explores Asian IPO  Full Article 

BBM for Windows

BBM for Windows

BlackBerry opens up BBM to Windows phone users  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device.  Full Coverage