Forgot your password?
typodupeerror
Security

Sophisticated Spy Tool 'The Mask' Rages Undetected For 7 Years 98

Posted by samzenpus
from the protect-ya-neck dept.
thomst writes "Kim Zetter of Wired's Threat Level reports that Kaspersky Labs discovered a Spanish-language spyware application that 'uses techniques and code that surpass any nation-state spyware previously spotted in the wild.' The malware, dubbed 'The Mask' by Kaspersky's researchers, targeted government agencies, diplomatic offices, embassies, companies in the oil, gas and energy industries, research organizations, and activists. It had been loose on the Internet since at least 2007 before being shut down last month. It infected its targets via a malicious website that contained exploits — among which were the Adobe Flash player vulnerability CVE-2012-0773, affecting both Windows and Linux machines. Users were directed to the site via spearphishing emails."
This discussion has been archived. No new comments can be posted.

Sophisticated Spy Tool 'The Mask' Rages Undetected For 7 Years

Comments Filter:
  • Editing? (Score:4, Insightful)

    by bigjocker (113512) * on Monday February 10, 2014 @04:10PM (#46212593) Homepage

    This is ridiculous. What kind of editor publishes a note so badly written? You should at least read summaries out loud to see if you would look like an idiot. That would have certainly worked in this case. At least add a preview button for summaries like you do for comments for pete's sake.

    Hoy many errors can you spot?

    "Kim Zetter of Wired's Threat Level reports that Kaspersky Labs discovered a Spanish-language spyware application that employs "uses techniques and code that surpass any nation-state spyware previously spotted in the wild." The malware, dubbed "The Mask" by Kaspersky's researchers, targeted targeted government agencies, diplomatic offices, embassies, companies in the oil, gas and energy industries, and research organizations and activists had been loose on the Internet since at least 2007, before it was shut down last month. It infected its targets via a malicious website that contained exploits — among which were the Adobe Flash player vulnerability CVE-2012-0773 — that affected both Windows and Linux machines. Users were directed to the site via spearphishing emails."

    • Re:Editing? (Score:5, Funny)

      by TechyImmigrant (175943) on Monday February 10, 2014 @04:14PM (#46212641) Journal

      4.
      5 if you include "Hoy many errors can you spot?"

      • by Thud457 (234763) on Monday February 10, 2014 @04:18PM (#46212679) Homepage Journal
        Merely punctuational errorification:

        Hoy! Many errors you can spot!

        • Merely punctuational errorification:

          They should have synergized their market paradigms more to create a more linguistically diverse user experience. It's only gonna get worse though... once Beta consumes the site, all that'll be left is the outward appearance of a badly edited blog.with comments enabled.

        • Actually he's correct when you consider the story is about Spanish malware;

          "Today many errors you can spot!"

      • by bigjocker (113512) *

        Yes, it's missing an A before Hoy ... sorry about that

        • Yes, it's missing an A before Hoy ... sorry about that

          Rumor has it that Alexander Graham Bell wanted everyone to answer the telephone by saying "Ahoy hoy."

          Considering that much modern slang is just shortened versions of older sayings, I'd call "hoy" by itself a fair greeting.

          • Re:Editing? (Score:4, Informative)

            by Chris Mattern (191822) on Monday February 10, 2014 @05:04PM (#46213073)

            Rumor has it that Alexander Graham Bell wanted everyone to answer the telephone by saying "Ahoy hoy."

            Which is not as ridiculous as it sounds. "Hello" was not a common greeting before it became standardized as the way to answer a phone.

            • Rumor has it that Alexander Graham Bell wanted everyone to answer the telephone by saying "Ahoy hoy."

              Which is not as ridiculous as it sounds. "Hello" was not a common greeting before it became standardized as the way to answer a phone.

              I dig it.

              Hell, I'd answer the phone that way myself if so many other greetings weren't already burned into my subconscious.

            • by PRMan (959735)
              Actually, it started in 1803 and was fairly common by the time the telephone was invented.
          • by mwehle (2491950)

            Rumor has it that Alexander Graham Bell wanted everyone to answer the telephone by saying "Ahoy hoy."

            Considering that much modern slang is just shortened versions of older sayings, I'd call "hoy" by itself a fair greeting.

            "Hoy hoy hoy" would be (will be?) a fair greeting among pojama people.

          • by gmagill (105538)

            I think FZ sang it best:
            http://www.youtube.com/watch?v... [youtube.com]

          • Oh wow, this makes me appreciate the Simpsons even more. Mr. Burns used to answer the phone like that, I thought it was just some weird mannerism as a kid, but I guess the joke was that he is just *that* old.
      • by Strider- (39683)

        Slashdot Drinking Game?

      • by steelfood (895457)

        Es just Spanish.

      • by PPH (736903)

        for pete's sake

        6. "Pete" is a proper name and should be capitalized.

    • by asmkm22 (1902712)

      Seriously, this is bad even for Slashdot standards.

    • Re: (Score:3, Informative)

      by Soulskill (1459) Works for Slashdot

      I just updated the summary with grammar fixes. Thanks for pointing it out.

      • by BitZtream (692029)

        Could you please explain why this doesn't happen BEFORE hand?

        Its not like this is a one time thing, this happens pretty much daily.

        Do you guys not have any standards at all? You just keep letting these guys who are clearly not even high school graduates function as 'editors' without ever addressing the issue?

        • by Soulskill (1459) Works for Slashdot

          It does, usually. You don't notice the typos that have already been fixed because there's nothing to notice.

          But we do make mistakes. We can't get 100% of them, but we try to. As you can imagine, it's been pretty hectic around here for the past few days, and that doesn't help.

          • You don't notice the typos that have already been fixed because there's nothing to notice.

            These weren't typos. This was assault and battery on the English language.

            • "English is a language that lurks in dark alleys, beats up other languages and rifles through their pockets for spare vocabulary."

            • by Soulskill (1459) Works for Slashdot

              To be fair, the English language had it coming.

            • by mcgrew (92797) *

              Slashdot editors are technologists, not English majors. I do suggest to them that they hire a couple of English majors to do a quick proofread when the editors are done, though (not me, I'm literate but that wasn't even my minor, and I'm retiring this month anyway).

          • Oh hello Soulskill, nice to see you in the comments.

            Unfortunately "last few days are hectic" isn't remotely close to right. Last Few Years, if you wheeled out that excuse. But no, don't do that either. "Last Few X is Hectic" is a tired phrase now that Big Bad Dice owns you and you have lots of firepower to add!

            Uh... oh. Wait. I just heard 3rd hand they just decided both you AND us are ... worth zero!

            So what exactly are any of us here doing with a value of Zero? Can you buy them out with a Dollar? (Rhetoric,

            • by Soulskill (1459) Works for Slashdot

              Plus, I asked months/a year ago about exporting existing comments out of Slashdot but you/They made sure that was never close to a possibility... really now? Data Capture? I calculate I have almost 100 blog topics stored in raw material here. But no. You gang NEVER made ANY easy export tools under ANY management even BEFORE Dice.

              That's actually much closer to reality now than it's ever been. Hopefully it's something we can get finished soon, but we have a lot of work ahead of us yet. I'm sorry things are sl

    • by neminem (561346)

      Research organizations and activists *have* been loose on the internet since at least 2007, though. Quite a bit earlier, even.

  • We are well into the era of automated translation programs. I'm not sure that the language you see is necessarily what it was written in.

    Having said that, I wonder if they considered Portuguese? Looks a lot like Spanish, and Brazil is a major power in malware.

    • Considering that *Kaspersky*'s press release opens with "Dominican Republic", I would guess the people writing it are probably pretty familiar with the difference.
    • We are well into the era of automated translation programs. I'm not sure that the language you see is necessarily what it was written in.

      Having said that, I wonder if they considered Portuguese? Looks a lot like Spanish, and Brazil is a major power in malware.

      If you aren't writing your malware in Esperanto, you're not trying.

  • by 93 Escort Wagon (326346) on Monday February 10, 2014 @04:30PM (#46212797)

    Boy, that Jim Carrey is one talented dude...

  • I hope that all information that was gathered is published widely on the net and that all English versions are added. The public has a right to know.
  • apparently it targeted targeted slashdot too, via exploits that affected both submitters and editors

  • 1. Profit
    2. Come up with reason for spying ...
    4. Ask for authorization seven years later in secret cabinet meeting held in disused lavatory in sub-sub-basement of outmoded surplus warehouse.

  • by DTentilhao (3484023) on Monday February 10, 2014 @05:34PM (#46213281)
    "Spanish-language spyware application that 'uses techniques and code that surpass any nation-state spyware previously spotted in the wild.'"

    The linked to article seems a little short on details, what exactly makes these `techniques and code' surpass any spyware previously in the wild?
    • The infrastructure used to drive it was way beyond anything they've seen previously, even by ostensibe state actors; also, this sort of thing requires a lot of expensive and time-consuming legwork typically done by state intelligence agencies. The elite intelligence agencies do extensive research on their targets prior to using their weapons; they also maintain extremely high levels of operational sophistication, to the point where there is somebody with a finger on a trigger somewhere, figuring out what ex

    • by kbrannen (581293)
      Can we use (sadly) this as yet another reason Flash must die? How many examples of bad security will it take before kill Flash forever? (Yeah, I know, marketing doesn't care about security as long as it looks good.)
  • After watching the healthcare.gov debacle, it would seem that surpassing nation-state-created software is a very low hurdle!

Forty two.

Working...