Bitdefender Discovers Early Version of MiniDuke Malware

An early version of MiniDuke, the sophisticated cyberspy malware that caught media headlines this week after infecting governments and agencies in Europe and elsewhere, has been operating since at least May of 2012, internet security firm Bitdefender has discovered.

MiniDuke was detected by Bitdefender Labs almost a year ago. The variant Bitdefender discovered was added to the Bitdefender malware database on 26 May 2012, although at the time it had not yet been identified as MiniDuke.

The early version of MiniDuke differs from the one discovered this week mainly in its installation mode. The early strain also accesses a page titled “What’s the Time in China,” which displays a clock with the date and time, but uses only the date. Otherwise, the early sample behaves the same as the ones discovered more recently.

“A piece of malware can wreak a lot of havoc, or collect massive amounts of information, in the space of 10 months,” said Bitdefender Chief Security Strategist Catalin Cosoi. “The discovery of the early version from May 2012 suggests that we are just beginning to understand the size and scope of MiniDuke. We’re still analyzing the sample and will communicate any further significant discoveries.”

MiniDuke has reportedly sought to steal intelligence from the governments of Ireland, Belgium, Romania, Portugal and the Czech Republic as well as various institutes, a healthcare provider in the US, and other victims in Japan, Brazil and elsewhere.

Bitdefender antivirus software removes all known variants of MiniDuke. The company also released today a free stand-alone removal tool for MiniDuke.

For a more detailed analysis of the early strain of MiniDuke, see the technical report on the Bitdefender Labs blog.

About the author
Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.
