Worker who snuck NSA malware home had his PC backdoored, Kaspersky says

An NSA worker who reportedly snuck classified materials out of the agency stored them on a home computer that was later infected by a malicious backdoor that allowed third-parties to remotely access the machine, officials with Moscow-based antivirus provider Kaspersky Lab said.

The NSA worker—described in some published reports as a contractor and in others as an employee—installed the backdoor after Kaspersky AV had first detected never-before-seen NSA malware samples on his computer. The backdoor was part of a pirated software package that the worker downloaded and installed. To run the pirated software, he first had to disable the AV program on his computer. After being infected, the worker re-enabled the AV program and scanned his computer multiple times, resulting in Kaspersky developing detections for new and unknown variants of the NSA malware.

The NSA worker’s computer ran a home version of Kaspersky AV that had enabled a voluntary service known as Kaspersky Security Network. When turned on, KSN automatically uploads new and previously unknown malware to company Kaspersky Lab servers. The setting eventually caused the previously undetected NSA malware to be uploaded to Kaspersky Lab servers, where it was then reviewed by a company analyst.

Read 9 remaining paragraphs | Comments

Ars Technica

Post Author: martin

Martin is an enthusiastic programmer, a webdeveloper and a young entrepreneur. He is intereted into computers for a long time. In the age of 10 he has programmed his first website and since then he has been working on web technologies until now. He is the Founder and Editor-in-Chief of BriefNews.eu and PCHealthBoost.info Online Magazines. His colleagues appreciate him as a passionate workhorse, a fan of new technologies, an eternal optimist and a dreamer, but especially the soul of the team for whom he can do anything in the world.