By GoldSparrow in Rootkits

Named after the mythological serpent that eats its own tail, Uroburos is a threatening campaign that has been tied to high-profile attacks. Reputable computer security firms have issued reports and warnings about Uroburos, also known as Snake, a sophisticated threat that has been under development for nearly a decade. Uroburos combines several complex infection components and techniques to carry out espionage operations against targets around the world. Reports about Uroburos indicate that its core is a rootkit (a kernel driver paired with an encrypted virtual file system) used to hide on compromised machines and spy on their users. Uroburos appears to have been created and operated by a Russian government intelligence agency for attacks on major, high-profile targets. Malware researchers have noted that the rootkit is only one part of a larger campaign that includes various other threatening components.

Agent.BTZ, a now-obsolete worm that spread through removable media and was used in high-profile attacks on United States military networks in 2008, appears to be part of the same campaign as Uroburos: researchers found that Uroburos checks for an existing Agent.BTZ infection and reuses the same encryption key. One important detail is that, although Agent.BTZ is considered obsolete in its original form, it has evolved into new threats that remain active and are responsible for damaging attacks today. Uroburos itself is also currently active: it has been observed nearly two dozen times in Eastern Europe and a handful of times in the United Kingdom and the United States. Since the most recent samples of Uroburos were recovered in the field in January, it is highly likely that Uroburos attacks are ongoing. Ukraine, in particular, has been one of the top targets of the Uroburos infection.

Apart from Uroburos, other names that appear in reports on this campaign include Snake, Snark and Sengoku, which refer to the campaign as a whole and to related components. The time zones in which Uroburos was developed, as well as several other clues, indicate that Uroburos is the work of a Russian intelligence agency or of well-funded, organized developers backed by the national government. Lately, some of the most damaging attacks have come from state-backed sources, including the United States and China (for example, the Flame and Stuxnet malware). Turla, sometimes listed alongside them, is in fact another name that researchers use for the Uroburos/Snake campaign itself.
