Threat Database Malware Rocra/Red October malware

Rocra/Red October malware

By ESGI Advisor in Malware

Threat Scorecard

Ranking: 2,122
Threat Level: 20 % (Normal)
Infected Computers: 23,046
First Seen: January 15, 2013
Last Seen: September 20, 2023
OS(es) Affected: Windows

Rocra/Red October malware Image

A dangerous malware infection known as Red October has been uncovered in recent months. This malware attack stands out because the Red October seems to be part of a worldwide campaign involving government agencies and important institutions. One of the aspects of the Red October attack that makes the Red October stand out from similar attacks is the length of time that the Red October has taken to uncover this malware campaign, which is comparable with other high profile malware attacks of recent years such as Flame and Stuxnet.

Computer security analysts have identified this malware attack as Red October or Rocra malware. The Red October targets government institutions and political parties in Eastern Europe, Central Asia, and countries that were previously members of the Soviet bloc. Red October is still active and has been constantly stealing data from all kinds of devices, ranging from mobile devices to network machines and individual computer systems. Red October uses numerous command and control servers around the world and, according to PC security researchers, its code is on par in complexity with high profile attacks like the Flame family of malware.

How the Red October is Distributed

Like many malware attacks, Red October begins with a social engineering component. According to malware analysts, Red October is distributed through phishing email messages that are carefully targeted at specific individuals in the kinds of government organizations listed above. The malicious email message contains an email attachment that attempts to exploit at least three different vulnerabilities in the Microsoft Office suite which it uses to install a Trojan on the victim's computer. Finally, this Trojan scans all other computer systems in the targeted machine's network in order to detect other machines vulnerable to these same exploits.

Red October can cause the infected computer to receive orders from a third party. These are typically used to spy on activity taking place on the infected computer. Some examples of typical tasks carried out through the use of Red October include downloading and opening malicious PDF or Microsoft Office documents that exploit vulnerabilities on the infected computer, logging all keystrokes and taking screenshots of the targeted computer's monitor and stealing browser passwords and browsing history. Red October can also steal encrypted files and even retrieve files that have already been deleted. Even worse, Red October can also target various mobile operating systems.


Rocra/Red October malware may call the following URLs:


Most Viewed