Bridex worm bites Kaspersky Labs

A group of hackers launched a successful attack on the Web server of Russian computer security firm Kaspersky Labs Ltd. on Friday, managing to implant and distribute a copy of the recently discovered Bridex worm in the company's e-mail newsletter.

The successful exploitation of Kaspersky's e-mail list followed what the company described in a statement as a "massive attack" against its Web server on Friday evening, according to Denis Zenkin, head of corporate communications at the Moscow-based company.

A statement posted on Kaspersky's Web site said that the attack began on Thursday night, November 7.

According to Zenkin, the attackers used a sophisticated and "exotic" attack to compromise the company's Web server and gain access to a folder containing mail messages sent out by the company.

From those messages, the attackers were able to obtain the distribution list for the company's e-mail newsletter. A copy of that newsletter was distributed to Kaspersky's customers along with an attached executable file containing the Bridex worm.

"Our IT security people were amazed that hackers got the idea for this kind of hack attack," Zenkin said.

Zenkin refused to provide details on the attack, citing concerns that other members of the hacker community would use that information to carry out further attacks. Zenkin did disclose that Kaspersky's Web server runs the FreeBSD operating system, a version of UNIX, and the common Postfix e-mail server software.

Hackers were not able to gain access to Kaspersky's e-mail address book, nor were they able to penetrate areas of the Web server containing virus signatures for Kaspersky's antivirus software, Zenkin said.

Zenkin declined to say whether antivirus definitions were posted in a more secure area of the server, however, saying only that they were located in different "territories" of the server that were not affected by the attack.

Kaspersky's virus definitions use digital signatures that are verified by the company's software before they are installed and used. Tampering with Kaspersky's virus definitions -- for example, attempting to substitute malicious code for a signature -- would be detected and rejected by the company's software, Zenkin said.

According to Zenkin, Kaspersky knows of no customers who were infected by the newsletter. Kaspersky staff first noticed the attack and took corrective action within minutes of the exploit, Zenkin said.

Nevertheless, the attack produced the unusual scenario of an antivirus vendor's software being used to thwart an attack launched from its own servers. It was an embarrassing fact that more than a few of Kaspersky's customers brought to the company's attention, Zenkin admitted.

Since the attack, Kaspersky has closed the security loophole exploited by the attackers and taken other steps to ensure that future attacks are not successful. In addition, the company inspected the entire contents of its Web server and claims that the e-mail newsletter was the only affected component of its Web site, Zenkin said.

The company traced the attacks to a group of hackers in Mexico, but so far has no concrete evidence pointing to specific individuals, according to Zenkin.

The Bridex worm, also known as "W32/Braid.A" or "I-Worm.Bridex," was first identified in early November and arrives in an e-mail message, typically contained in an attachment named README.EXE.

When recipients double-click on the attachment, the worm copies a variant of the FunLove virus to the local system with the name BRIDE.EXE, alters the machine's system registry so that the virus is relaunched each time Windows starts, scans the user's Outlook address book, and e-mails copies of itself to any addresses it finds.

Antivirus software vendors including Kaspersky have published updated virus signatures to detect Bridex.

Paul Roberts

IDG News Service