Equation Group Spyware Poses Threats Far Beyond Its Original Purpose
NEWS ANALYSIS: New malware strain is probably related to Stuxnet, but with more scary new features that may be nearly impossible to remove if not caught in time.
Think of the GrayFish malware as being something like Ebola for computers. Like Ebola, this malware only spreads through direct contact, it can infect its victim in a variety of ways and it may be impossible to cure—at least before it has done irreparable damage.
This malware, which is just coming to light through research at Kaspersky Lab, is created and fielded by a shadowy team of hackers, which Kaspersky calls the Equation Group. It got the name because of the highly sophisticated algorithms it uses. Kaspersky says that the most recent version of the malware from this group, called GrayFish, targets computers in a specific list of countries, including China and Russia. As was the case with Stuxnet, this malware is distributed only through infected USB memory sticks. And like Stuxnet, the USB vectors work by tempting users in the targeted population to insert the USB memory sticks into a port on a computer to spread the malware infection.
There's been a great deal of speculation about the origin of GrayFish, including that it is being spread by the National Security Agency. Considering the level of complexity and sophistication as well as the list of probable targets, this may be the case. However, Kaspersky is making no such claims, and, in fact, is going out of its way to say that its researchers are making no such connection.