Anti-Malware Research

More On MiniDuke and How to Remove It

The APT floodgates seem to have opened sometime in the past twelve months, Stuxnet is no longer alone in the field and the latest arrival is MiniDuke, a very sophisticated, if low-profile and minimalist piece of malware.

“We’re dealing, unfortunately, with the work of a very small group of career criminals – people who’ve written a lot of malware before MiniDuke and who are doing more with less.

To make a comparison, Flamer was obviously much more complex, probably the work of a big, competent, well-managed team, there were lots of resources poured into finding and using zero day exploits, it was an expensive e-threat to build, all in all. MiniDuke looks much more like a hacker project, it’s done on a shoestring budget” Marius Tivadar commented.

This comparative lack of resources has apparently imposed some odd design choices on the malware writers.

“The samples we have are all customized, polymorphized, there is an encrypted part which is specifically built for each target machine – but from what we can tell, there is no modularity, like we see with Flamer and Stuxnet. It seems to be all of a piece. It’s very old-school malware, although there are some very modern touches, like the use of Twitter and Google for command and control purposes” Marius said.

When asked to comment upon the possible origin of the malware, mr. Tivadar explained : “we have no leads so far, apart from the appearance of 666 in the code and the fact it was asking what time it is in China at one point. I wouldn’t venture a guess based on such flimsy evidence, frankly.”

Bitdefender has released a free removal tool: MiniDuke Removal Tool (5997 downloads) .

UPDATE: the removal tool has been itself updated, to deal with newly-discovered samples.


About the author



Razvan Stoica is a journalist turned teacher turned publicist and technology evangelist. When Bitdefender isn't paying him to bring complex subjects to wide audiences, he enjoys writing fiction, skiing and biking. Razvan Stoica started off writing for a science monthly and was the chief editor of a science fiction magazine for a short while before moving on to the University of Medicine in Bucharest where he lectured on the English language. Recruited by Bitdefender in 2004 to add zest to the company's online presence, he has fulfilled a bevy of roles within the company since. In his current position, he is primarily responsible for the communications and community-building efforts of the Bitdefender research and technology development arm.


Click here to post a comment