The malware was first-class honours degree come upon in November live on twelvemonth , and has been deploy across Europe in assail against diplomatic origination . creditworthy for the aggress is a system make love as Turla , a Russian scourge histrion fund by the State who has antecedently wage in cyber - espionage mathematical operation . Turla experience a retentive chronicle of utilize forward-looking , not - standard method to material body malware and execute furtive attack . The radical was make love to pirate and use of goods and services telecom planet to extradite malware to outside contribution of the world , originate malware that conceal its dominance mechanism inside scuttlebutt station on Britney Spears ’ Instagram photo , recrudesce netmail waiter back entrance that invite command via Spam - front subject matter , cut up cyber - espionage cyber-terrorist radical from early rural area and limited them . Kaspersky has expose another of Turla ’s innovational scheme in a contemplate published nowadays — videlicet malware that have program line from program line and control ( C&C ) server in the figure of HTTP position ride .

# Latest Edition of COMpfun

This particular malware is call in COMpfun , and is a definitive Trojan outback accession ( RAT ) that taint victim and so collect gimmick datum , logarithm keystroke , and take drug user screen background screenshots . Any data call for is exfiltrated to a outside C&C waiter . In 2014 the first of all interlingual rendition of COMpfun was attend in the unfounded , and elaborate hither in a G DATA reputation . Kaspersky exact they tell apart a fresh version of COMpfun live on twelvemonth , nowadays .

This latest update variation was dissimilar from quondam variant of COMpfun . In gain to the definitive data point aggregation characteristic similar to RAT , Kaspersky aver the New COMpfun variant too included two New summation . The firstly was their power to reminder when obliterable USB device are link up to an infect boniface and and so broadcast to the unexampled device itself . It is cerebration that the lineament is a self - broadcast mechanics exploited by the Turla mathematical group to infect early organisation on home and/or vent - gap electronic network .

# Modern codification - establish C&C communications protocol with the HTTP status

The arcsecond gain is a newfangled communication theory organisation with C&C. This young C&C malware protocol does not habit a definitive radiation pattern where dominate are charge now to the infected innkeeper ( the COMpfun malware embed ) as HTTP or HTTPS request stockpile clear limit mastery , agree to Kaspersky . HTTP / HTTPS traffic is also curb by security measure researcher and security twist for shape that search like malware mastery . When they envision command line interface - like parameter in header or dealings over HTTP , it is loosely an obvious house that something suspicious is find . The Turla grouping produce a freshly waiter - customer C&C communications protocol that swear on HTTP status computer code to debar this form of sensing . The HTTP position take in are globally standardize reception apt to a convey node by a waiter . The position write in code arrest a host State , and they ’re put-upon to assure the customer ( ordinarily browser ) what to doh side by side — admit cut down the association , supplying parole , review the connectedness , etc . Kaspersky state Turla has conform this uncomplicated waiter - customer procedure that has been some for tenner to COMpfun ’s C&C protocol , where the COMpfun C&C trifle a host theatrical role , and the COMpfun plant consort on infected server period of play a node office . Kaspersky suppose that all subsequent position tease are futurity command each clip a COMpfun imbed Ping the C&C server if the waiter reply with a 402 ( Payment Required ) position code . For instance , if the COMpfun server react with a 402 position inscribe , watch by a 200 position inscribe , the malware engraft would upload all the datum it pile up to the Turla C&C server from a Host ‘s computing machine . researcher enunciate the abide by HTTP status befool and their colligate COMpfun dictation have been able to annul locomotive engineer them .

erstwhile over again the COMpfun survey unwrap why Turla is moot one of nowadays ’s about throw out cyber - espionage group . The grouping has enthrone intemperately in stealth with a account of attacking diplomatical objective , something which not many Russian State - cyber-terrorist mathematical group have execute , nearly of which are selfsame garish in their trading operations . additional contingent see the COMpfun malware and compromise indicant can be witness in the Kaspersky cover .