Eye of Sauron-themed trojan targets Russia, Sweden

Necromancer-loving author wrote 'tricky' malware at its core

Eye of Sauron as depicted in the film version of LOTR. (c) New Line Cinema

A previously unknown group called Strider has been conducting cyberespionage-style attacks against selected targets in Russia, China, Sweden, and Belgium.

Strider uses an advanced piece of malware known as Remsec to conduct its attacks. Remsec creates a back door on an infected computer - establishing a means to log keystrokes and steal files in the process.

Remsec’s code was found to contain a reference to Sauron, the all-seeing antagonist in The Lord of the Rings, Symantec reports.

“Strider is capable of creating custom malware tools and has operated below the radar for at least five years,” according to Symantec. “Based on the espionage capabilities of its malware and the nature of its known targets, it is possible that the group is a nation-state level attacker.”

Symantec has found evidence of infections in 36 computers across seven separate organisations since October 2011 – including an airline in China and an embassy in Belgium.

One of Strider’s targets had previously been infected by the Regin malware toolkit, another cyber espionage-style nasty. Strider’s attacks have tentative links with a previously uncovered group, Flamer, which also used Lua modules to code malware. Flamer targeted the Middle East.

More details on Symantec’s research into Strider and the malicious code it slings can be found in the company's blog post. ®

