This type of protection is very rarely seen in malware, Raiu said. "Something similar was used in the Flame cyberespionage malware, but on the server side."
This is either a cyberespionage tool created by a nation state or one of the so-called lawful interception tools sold by private contractors to law enforcement and intelligence agencies for large sums of money, he said.
Kaspersky Lab doesn't yet have information about this attack's targets or their distribution around the world, Raiu said.
Reached via email on Wednesday, FireEye's senior director of security research, Zheng Bu, declined to comment on the attack's targets. FireEye published a blog post with technical information about the malware on Wednesday, but didn't reveal any information about victims.
Bu said that the malware uses certain techniques to detect if it's being executed in a virtual machine so it can evade detection by automated malware analysis systems.
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
