Wild Neutron, a powerful spyware targets with amazing – The World

Le Monde | 08/07/2015 at 15h37 • Updated 07/08/2015 at 3:53 p.m. | By Leloup

A powerful hacking tool, already used in 2013 in attacks against Microsoft, Facebook, Twitter and Apple, was used again in 2015, in a modernized version, to target companies in several countries, including France. This is revealed by the publishers of antivirus Symantec and Kaspersky, Wednesday, July 8; they note that this tool is distinguished from commonly used software.

Called “Wild Neutron”, the software was active since 2011. In 2013, it was used to tackle very large Web companies. Facebook, one of the targets, had explained that at the time of its employees computers had been infected, but the hackers managed to gain access to user data.

record data and install other software

Wild Neutron is designed to record various data on infected machines, install other spyware, or save screenshots and explore a network. Standard functionalities – Kaspersky experts noted, however, that the program stands in contrast with the care taken to conceal the address of the control center, the machine to which stolen information is transmitted and sends commands to the spyware. “ The program is also able to continue to function even if the control center is blocked by contacting a dynamically generated address, only the attacker knows in advance ” notes the publisher.

Other technical refinement, Wild Neutron designers have used in 2015 a security certificate, valid but stolen from the computer manufacturer Acer. Security certificates are used to prove that a site or service is what it purports to be – steal or hijack a not unprecedented feat, but remains uncommon

Real estate, finance, jihadist forum …

But the most intriguing remains the target list of the program, including the latest versions appear designed to make it more flexible. In addition to sharing sites virtual currency Bitcoin, there are real estate investment companies, but also ansar1.info, a major English-speaking jihadist forums, now closed after being the target of an attack claimed by the Anonymous informal group in early 2015. The sites and undertakings referred lie in the United States, Russia, France, Algeria or in Kazakhstan.

Who controls this program? The tracks are slim concede security researchers who have studied it. Words in Romanian and Russian were found in his computer code. The variety of targets indicates that Wild Neutron designers have “ a state of mind and varied interests and uncommon ” notes the editor Kaspersky, for whom “ he is unlikely that a state is behind this software . ” “ The attackers also shown interest in the target of the financial investment industry, suggesting that they have the skills and knowledge to operate this type of information in the financial markets , “he said.