Virus Definition

Advanced Persistent Threat (APT)

What is Epic Turla (or Snake)?


Turla, also known as Snake or Uroburos, is one of the most sophisticated ongoing cyber-espionage campaigns. The latest Kaspersky Lab research on this operation reveals that Epic is the initial stage of the Turla victim infection mechanism.

Targets of “Epic” belong to the following categories: government entities (Ministry of Interior, Ministry of Trade and Commerce, Ministry of Foreign/External affairs, intelligence agencies), embassies, military, research and education organisations and pharmaceutical companies.

The attacks detected in this operation fall into several different categories depending on the initial infection vector used in compromising the victim:

  • Spear-phishing e-mails with Adobe PDF exploits (CVE-2013-3346 + CVE-2013-5065)
  • Social engineering to trick the user into running malware installers with “.SCR” extension, sometimes packed with RAR
  • Watering hole attacks using Java exploits (CVE-2012-1723), Adobe Flash exploits (unknown) or Internet Explorer 6, 7, 8 exploits (unknown)
  • Watering hole attacks that rely on social engineering to trick the user into running fake “Flash Player” malware installers
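A defender-side check for the “.SCR” and RAR delivery vector listed above, as an added example that is not from the original page or from Kaspersky Lab: a mail-gateway triage function that flags attachments by extension and by leading magic bytes. The function names, file names and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

RAR_MAGIC = b"Rar!\x1a\x07"   # common prefix of RAR 4 and RAR 5 archives
PE_MAGIC = b"MZ"              # Windows executables, which is what a .scr file is


def triage_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) pairs for attachments worth quarantining."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        # Windows ignores trailing dots and spaces, so strip them before comparing.
        ext = name.rstrip(". ").lower().rsplit(".", 1)[-1]
        if ext == "scr":
            findings.append((name, "screensaver (.scr) executable"))
        elif data.startswith(PE_MAGIC):
            findings.append((name, "executable content under another extension"))
        elif data.startswith(RAR_MAGIC):
            findings.append((name, "RAR archive: unpack in a sandbox and re-check members"))
    return findings


def build_sample() -> bytes:
    """Constructed sample message; file names and contents are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "analyst@example.org"
    msg["Subject"] = "Conference programme"
    msg.set_content("Please see attached.")
    attachments = [
        ("Programme.pdf.SCR", b"MZ\x90\x00" + b"\x00" * 16),
        ("notes.txt", b"plain text, nothing to flag\n"),
        ("photos.jpg", RAR_MAGIC + b"\x00" + b"\x00" * 16),
        ("viewer.dat", b"MZ\x90\x00" + b"\x00" * 16),
    ]
    for filename, body in attachments:
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in triage_attachments(build_sample()):
        print(f"{filename}: {reason}")
```

The RAR case is matched on content, not on file name, so an archive renamed to look like an image is still routed for unpacking.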

How can I protect myself against Epic Turla?

  • Keep the operating system and all third-party applications, notably Java, Microsoft Office and Adobe Reader, updated
  • Do not install software from untrusted sources, for instance when prompted by a random page
  • Be wary of e-mails from unknown sources containing suspicious attachments or links

A security solution should be turned on at all times and all its components should be active. The solution’s databases should also be up to date.
