
Sophisticated Spy Tool 'The Mask' Rages Undetected For 7 Years

Posted by samzenpus
from the protect-ya-neck dept.
thomst writes "Kim Zetter of Wired's Threat Level reports that Kaspersky Labs discovered a Spanish-language spyware application that 'uses techniques and code that surpass any nation-state spyware previously spotted in the wild.' The malware, dubbed 'The Mask' by Kaspersky's researchers, targeted government agencies, diplomatic offices, embassies, companies in the oil, gas and energy industries, research organizations, and activists. It had been loose on the Internet since at least 2007 before being shut down last month. It infected its targets via a malicious website that contained exploits, among which was the Adobe Flash player vulnerability CVE-2012-0773, affecting both Windows and Linux machines. Users were directed to the site via spearphishing emails."
  • Re:Editing? (Score:4, Informative)

    by Chris Mattern (191822) on Monday February 10, 2014 @06:04PM (#46213073)

    Rumor has it that Alexander Graham Bell wanted everyone to answer the telephone by saying "Ahoy hoy."

    Which is not as ridiculous as it sounds. "Hello" was not a common greeting before it became standardized as the way to answer a phone.

  • Re:Editing? (Score:3, Informative)

    by Soulskill (1459) Works for Slashdot on Monday February 10, 2014 @06:15PM (#46213151)

    I just updated the summary with grammar fixes. Thanks for pointing it out.

  • Re:Where's the beef? (Score:5, Informative)

    by ozmanjusri (601766) on Monday February 10, 2014 @09:26PM (#46214301)

    I would like to know what is meant by "affecting...Linux".

    You're right to question the FUD.

    SecureList has a MUCH better story that makes it clear "Careto" is closer to a precision-targeting crackers' toolkit than to typical Windows malware (they have identified a total of 380 unique targets so far). It didn't just use the Flash vulnerability, but had multiple vectors, including Chrome plugins and social engineering techniques.

    From their FAQ:

    Is this a Windows-only threat? Which versions of Windows are targeted? Are there Mac OS X or Linux variants?
    So far, we observed Trojans for Microsoft Windows and Mac OS X. Some of the exploit server paths contain modules that appear to have been designed to infect Linux computers, but we have not yet located the Linux backdoor. Additionally, some of the C&C artifacts (logs) indicate that backdoors for Android and Apple iOS may also exist.

    Have you seen any evidence of a mobile component - iOS, Android or BlackBerry?
    We suspect an iOS backdoor exists but we haven't been able to locate it yet. The suspicion is based on a debug log from one of the C&C servers where a victim in Argentina is identified and logged as having a user agent of "Mozilla/5.0 (iPad; CPU OS 6_1_3 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Mobile/10B329". This appears to indicate it is an iPad, although without a sample, it's hard to be sure.

    In addition to this, we also suspect the existence of an Android implant. This is based on a unique version identifier sent to the C&C which is "AND1.0.0.0". Communications with this unique identifier have been observed over 3G links, indicating a possible mobile device.

    http://www.securelist.com/en/b... [securelist.com]
