Spy virus ‘MiniDuke’ attacks Romania, Czech Republic

A new virus designed to spy on global government institutions, dubbed ‘MiniDuke’ was discovered by Russian anti-virus giant Kaspersky, the company wrote in a press release.

“According to Kaspersky Lab’s analysis, a number of high profile targets have already been compromised by the MiniDuke attacks, including government entities in Ukraine, Belgium, Portugal, Romania, the Czech Republic and Ireland,” Kaspersky wrote on their website.

The virus was disguised as a pdf file about a fictional human rights seminar. In the case of Ukraine, it came in as a foreign policy document. It attacked Adober Reader versions 9,10 and 11, according to Kaspersky.

The report by the Russian anti-virus company indicates that the intruder was launched in late February of 2013 and may still be attacking government institutions.

“MiniDuke’s highly customized backdoor was written in Assembler and is very small in size, being only 20kb,” added Kaspersky. “[It is a] combination of experienced old school malware writers using newly discovered exploits and clever social engineering to compromise high profile targets.”

Once the virus enters a computer it sends a tiny downloader onto the hard disk, which is adept at being dormant in order to avoid discovery.

Romania’s secret service SRI announced that MiniDuke may have been financed and implemented by a state institution such as a country’s intelligence service, according to news portal Romania-Insider.

SRI is currently investigating the virus to see exactly how many state institutions in Romania it has infiltrated. It is said to be potentially more problematic than the notorious “Red October” virus, which was identified at the end of 2012.

“Red October” was designed to hit diplomatic circles and the administrations of the CIS and Eastern Europe.

Kaspersky has called the MiniDuke virus “extremely dangerous.”