Computers Infected After Visiting Cuban Regime Website

Monday, September 5, 2016
From Caribbean News:

Thousands of computers possibly infected after visiting Cuban government website

After several weeks of analysis, it has been determined that the Cuban government information website ( is dispensing a dangerous clipboard virus that aims to steal information from the computers of unsuspecting visitors to that site.

The analysis of the infection was done by the Guyana-based cyber security firm and regional anti-virus producer Computer Care, with some assistance from the international cyber security community.

Their analysis revealed that the virus launches a permission pop up (on the ACN website) that seemingly gives users an option to either allow it to control their computer clipboard data or to refuse permission. However, it is hoped that most users would instinctively click the “Don’t allow” option button.

But the team of analysts that examined the infection told Caribbean News Now that the virus can still be passed on to a computer even in cases where a user clicks the “Don’t allow” option, since the virus developer seems to have placed a reversed coding action on that option that will provoke a force install via vulnerable browsers.

The virus, which is unique in its programming structure, is functionally similar to other previously deployed clipboard infections, except that it uses more tricky options to take unauthorized control of a computer clipboard. Thereafter, it quickly creates a backdoor on a computer so as to allow for captured information to be sent out to a remote server, in the same way that internet traffic flows in.

It basically copies entries made by the user, including passwords, typed messages, and other data, and then funnels this back to a server, where the information can be accessed and processed by the unknown third party.

And because the infection uses and exploits a few known vulnerabilities of certain JavaScript functions, it is generally difficult for most anti-virus programs to locate and remove it from a computer.

The research, which was headed by Guyana-born software security analyst, Dennis Adonis, who is also the lead anti-virus developer and owner of Computer Care - Guyana, found that the infection could have either been planted by another foreign government or rogue group as part of a cyber warfare strategy or by Cuban cyber intelligence experts themselves.

But whoever has infected the website seems to have the ability to turn the infection on and off at will, ironically to the ignorance of the site owner, which happens to be the government of Cuba.

Questioned on why the virus may be hard for most anti-virus software to pick up, Adonis said that it will be foolhardy for anyone to believe that an anti-virus can actually protect against every infection on a computer.

He stressed that it is practically impossible for every virus to be identified as such because all anti-virus software relies on virus signatures in order to isolate and eliminate an infection.

And since virus planters and hackers are now engaging stealth technology to deploy infections, quite a handful of them were able to make a mockery of most anti-virus software by encrypting their virus signatures.

As in the case of the infection on the Cuban government website, Adonis explained that the virus was very complex to contain, since his initial attempts has showed that the virus immediately tries to replicate itself once you attempt to break into its algorithms.

This, he said, has shown the degree of intelligence that has been deployed into its algorithms, and the level of challenges that the infection can actually create for the average antivirus software.