“Dino is basically an elaborate backdoor Trojan, built in a modular fashion,” said Joan Calvet, malware researcher at ESET. “Among several technical innovations, there is a custom file system used to execute commands in a stealthy fashion, as well as a complex task-scheduling module that works in a similar way to the ‘cron’ Unix command.”
ESET researchers found evidence that Dino was created by the notorious Animal Farm, an espionage group believed to be part of a French intelligence agency. Animal Farm previously developed the sophisticated malicious attacks Casper, Bunny and Babar. Two indicators early on suggested that the malware coders were French speakers: the wording of error messages and the language code values were in French.
The ESET Research blog post published today includes a list of the commands accepted by the Dino binary, alongside the names chosen by the malware’s developers. The ‘search’ command proved to be particularly interesting, as it allows the operators to look for files with meticulous precision. The malware operator can search infected systems by specifying file types, file sizes and the date range in which the files were last modified.
For more information, see ESET’s in-depth analysis of the Dino backdoor Trojan on ESET’s WeLiveSecurity blog: http://www.welivesecurity.com/2015/06/30/dino-spying-malware-analyzed/
About ESET
Since 1987, ESET® has been developing record award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.