What you should know about the Red October virus

In October of 2012, Kaspersky Labs discovered what could be the most powerful and complex computer virus to date. They are calling it Red October, after the submarine featured in the Tom Clancy novel and movie of the same name, because of the way that it has been lurking around for the past five years gathering top secret intelligence from countries all over the world.

Here’s the rundown:

The writers are still unidentified

Because Red October’s code contains Russian slang words, Chinese coding styles, and seems to have some parts written by professionals and other parts written by effective amateurs, nobody knows who wrote it or who is collecting the intel. Some think it is state sponsored, like Stuxnet and Flame, others are not so sure.

The virus has hit targets in more than 60 countries

Red October’s targets seem to be primarily located in South-east Europe and Central Asia, but other targets, including ones Australia, Japan, and the US, have been hit too. China has yet to report infection, leading some to believe that they are behind it—Kaspersky is quick to point out that that may be an intentional move to make it seems like China is the instigator.

In the wild for five years

It would appear that Red October has been operating online since late 2007, routing through over 60 domain names and proxy server locations to keep itself hidden. The virus has been hitting the same targets continuously, using the same passwords and keys obtained from previous strikes to re-access target hardware.

Red October has hit NATO

NATO encrypts all of its files with what is called an 'Acid Cryptofiler', but because Red October uses a keylogger to record passwords, NATO files have been compromised. The EU uses the same encryption method, meaning that this might be the biggest security breach in history.

Email transmission

Not only does Red October transmit via emails, it uses a selective technique called 'spear phishing' to hit specific targets as well as to keep itself under the radar. The emails will have subject lines specific to the receiver, and will discretely infect and extract once opened.

Red October (like Flame) can infect mobiles

Just like Flame, Red October is able to infiltrate mobile devices such as the iPhone and certain Windows and Nokia platforms. Red October is able to steal information such as contact lists, call history, message contents, and even a list of browser history.

Most infections have occurred in Russia

Because Kaspersky has identified the virus, most countries have ramped up their security measures significantly. The most infected victim? Russia, with 35 infections. Following closely behind is Kazakhstan.

The investigation is still ongoing

The virus has officially been identified, but the command and control servers are slowly being shut down, which means the culprit is destroying the evidence. What is troublesome to researchers is that the virus has the ability to essentially “hide out” in sensitive machines and reactivate at a later date, perhaps one more convenient for the hacker. Whether that happens, only time will tell.

Charles Trentham is a diehard tech blogger who loves to write about software, technology, and future science. After retiring from a small telecom startup after the bubble burst, he's been blogging full time, including some freelance work on such topics as internet security software in order to feed his tech habits. He enjoys spending time with his family and Kelpie named Elaine.

Tags cybercrimeviruskaspersky labsNATORed October

Show Comments