LitterDrifter USB Worm – Schneier on Security

The LitterDrifter USB worm is wreaking havoc on computers in Ukraine and beyond, according to a recent report. The worm, which spreads through USB sticks, is attributed to a group known by various names, including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm. The group has been active since 2014 and is believed to be backed by Russia’s Federal Security Service. Unlike the campaigns of other Kremlin-backed groups, Gamaredon’s campaigns targeting Ukrainian organizations are easy to detect and trace back to the Russian government. The malware used by Gamaredon includes a computer worm called LitterDrifter, which is written in the Visual Basic Scripting language. The worm not only spreads between USB drives but also infects connected devices with malware that communicates with Gamaredon’s command-and-control servers.

LitterDrifter, as researchers from Check Point Research call the worm, is designed to spread from computer to computer through USB drives, which makes it highly effective at infecting a large number of devices. Its primary purpose is to spread promiscuously from one USB drive to another. However, it also infects any device connected to these drives with malware that establishes a permanent connection to Gamaredon’s command-and-control servers, allowing the group to obtain as much information as possible from the infected devices. The use of the Visual Basic Scripting language makes the worm even more dangerous, as it can easily bypass security measures and go undetected.

The LitterDrifter worm is just one of the many tools employed by Gamaredon in its espionage-motivated campaigns. These campaigns specifically target Ukrainian organizations and aim to gather sensitive information. The group has been active for several years and has been attributed to Russia’s Federal Security Service by the Security Service of Ukraine. While most Kremlin-backed groups operate covertly, Gamaredon seems unconcerned with hiding its activities. As a result, its campaigns are relatively easy to detect and trace back to the Russian government.

In conclusion, the LitterDrifter USB worm is a powerful tool employed by the Gamaredon group to infect computers in Ukraine and beyond. The worm spreads through USB drives and establishes a permanent connection from infected devices to Gamaredon’s command-and-control servers. It is written in the Visual Basic Scripting language, allowing it to bypass security measures and go undetected. The campaigns conducted by Gamaredon are easy to trace back to the Russian government, as the group does little to hide its activities. These campaigns are aimed at gathering sensitive information from Ukrainian organizations.

Key Points:

1. A new worm called LitterDrifter is infecting computers in Ukraine and beyond via USB sticks.
2. The worm is attributed to the Gamaredon group, believed to be backed by Russia’s Federal Security Service.
3. LitterDrifter spreads through USB drives, infecting connected devices with malware that communicates with Gamaredon’s command-and-control servers.
4. The worm is written in the Visual Basic Scripting language, making it highly effective at bypassing security measures.
5. Gamaredon’s campaigns are easy to detect and trace back to the Russian government, and they primarily target Ukrainian organizations to gather sensitive information.