The newly discovered version also raises questions over the malware’s origin. One difference is that the 2012 version fetches time from a clock set to Chinese time, the 2011 version fetches the time from a server of the US Department of the Navy.
The MiniDuke sample just discovered by Bitdefender researchers dates back to at least June 20, 2011, predating the oldest know variant, also discovered by Bitdefender, by almost a year. Used to steal intelligence from European governments and various institutes worldwide, the 2011 strain was intended to behave the same as the newer ones.
“The discovery of this older MiniDuke malware strain raises questions about the origin of the 2012 samples and the malware as a whole,” said Bitdefender Chief Security Strategist Catalin Cosoi.
“The switch from a US Navy clock to a Chinese clock suggests the malware’s designers are simply throwing up a smoke cloud as to their identity.”
Cosoi, said, however, that all versions so far discovered show that MiniDuke was designed for spying. “MiniDuke was clearly designed as a cyber espionage tool to specifically target key sensitive government data,” he said. “This casts a degree of doubt on who designed MiniDuke.”