Security Experts Say Equation Malware Dead but Remains a Threat
NEWS ANALYSIS: Security experts say the Equation Group has long since shut down its malware operation after its cover was blown, but the code is available for cyber-criminals to repurpose and refine.
If you're worried about the malware revealed by Kaspersky Lab a few days ago and attributed to the shadowy "Equation Group" the latest word is that it's probably no longer active and any spyware that was put into place on hard drives and elsewhere is likely sending its reports uselessly into the ether. Unfortunately, that's not necessarily very good news. "Now that this malware has been spoken about by Kaspersky, in great detail, those who were using it previously are no longer using it and it’s very likely that it hasn’t been in use for a while," said Adam Kujawa, head of malware intelligence for Malwarebytes. "I say this because folks like these generally know when they have been made, and it’s usually just a few commands to completely shut down the operation and erase its existence." Vitaly Kamluk, principal security researcher at Kaspersky Lab, agrees. "Typically, when there is some exposure, the actor behind the attacks will take down the structure," he said. Kamluk is one of the team at Kaspersky who found and analyzed the Equation group's malware and its associated spyware. "This is several years old," he added.
So if the malware is old, no longer being actively distributed and likely is being ignored, why all the interest? Partly, it's due to the fact that about 500 infestations of the malware are still out there.