Sophisticated Spy Tool 'The Mask' Rages Undetected For 7 Years
thomst writes "Kim Zetter of Wired's Threat Level reports that Kaspersky Labs discovered a Spanish-language spyware application that 'uses techniques and code that surpass any nation-state spyware previously spotted in the wild.' The malware, dubbed 'The Mask' by Kaspersky's researchers, targeted government agencies, diplomatic offices, embassies, companies in the oil, gas and energy industries, research organizations, and activists. It had been loose on the Internet since at least 2007 before being shut down last month. It infected its targets via a malicious website that contained exploits — among which were the Adobe Flash player vulnerability CVE-2012-0773, affecting both Windows and Linux machines. Users were directed to the site via spearphishing emails."
Editing? (Score:4, Insightful)
This is ridiculous. What kind of editor publishes a note so badly written? You should at least read summaries out loud to see if you would look like an idiot. That would have certainly worked in this case. At least add a preview button for summaries like you do for comments for pete's sake.
Hoy many errors can you spot?
"Kim Zetter of Wired's Threat Level reports that Kaspersky Labs discovered a Spanish-language spyware application that employs "uses techniques and code that surpass any nation-state spyware previously spotted in the wild." The malware, dubbed "The Mask" by Kaspersky's researchers, targeted targeted government agencies, diplomatic offices, embassies, companies in the oil, gas and energy industries, and research organizations and activists had been loose on the Internet since at least 2007, before it was shut down last month. It infected its targets via a malicious website that contained exploits — among which were the Adobe Flash player vulnerability CVE-2012-0773 — that affected both Windows and Linux machines. Users were directed to the site via spearphishing emails."
Re:Editing? (Score:5, Insightful)
Not the OP here, but you are wrong. Good luck next time.
1) "badly written" is acceptable
2) "would" is correct, your "correction" of "will" is wrong.
3) This/That is interchangeable.
4) Now you just look like an idiot.
5) I'm not even going to bother.
You have five corrections but you only count four?
Re:Editing? (Score:5, Funny)
You have five corrections but you only count four?
He's probably from the Spanish inquisition.
Re: (Score:2)
haha that's brilliant! because that's one thing nobody ever expects!!!
Re: (Score:2)
1) "badly written" is acceptable
Not in this context. 'Badly written' normally means 'illegible'. 'Poorly written' is the appropriate phrase.
So Dexter, seeing a quotation from Paradise Lost scrawled by a bloody hand across the wall of a Miami condo, would say, 'That was badly written.'
Milton's ghost, on the other hand, would look at the awkward parts of the latter seasons of Dexter and say, 'That was poorly written.'
There...are...four...lights!!! (Score:2)
There...are...four...lights!!!
Re: (Score:2)
Bigjocker does not pretend to be a competent writer or editor. Thomst does.
Re: (Score:2)
"poorly written"*
"if you will look like an idiot"*
"This would have"*
"summaries similar to the ones for"*
"Pete's sake"*
I count four.
Really? I count five. Well, less, really, because at least one is wrong ("would look" is better than "will look" because the opportunity correction exists) and most of the rest are highly debatable, not least for the fact that the GP isn't pretending to be a professional news website.
Re: (Score:2)
because the opportunity for correction exists
FTFM.
Re:Editing? (Score:5, Funny)
4.
5 if you include "Hoy many errors can you spot?"
"hoy" is a perfectly cromulent word (Score:5, Funny)
Hoy! Many errors you can spot!
Re: (Score:1)
Merely punctuational errorification:
They should have synergized their market paradigms more to create a more linguistically diverse user experience. It's only gonna get worse though... once Beta consumes the site, all that'll be left is the outward appearance of a badly edited blog.with comments enabled.
Re: (Score:2)
Actually he's correct when you consider the story is about Spanish malware;
"Today many errors you can spot!"
Re: (Score:2)
Yes, it's missing an A before Hoy ... sorry about that
Re: (Score:2)
Yes, it's missing an A before Hoy ... sorry about that
Rumor has it that Alexander Graham Bell wanted everyone to answer the telephone by saying "Ahoy hoy."
Considering that much modern slang is just shortened versions of older sayings, I'd call "hoy" by itself a fair greeting.
Re:Editing? (Score:4, Informative)
Which is not as ridiculous as it sounds. "Hello" was not a common greeting before it became standardized as the way to answer a phone.
Re: (Score:2)
Which is not as ridiculous as it sounds. "Hello" was not a common greeting before it became standardized as the way to answer a phone.
I dig it.
Hell, I'd answer the phone that way myself if so many other greetings weren't already burned into my subconscious.
Re: (Score:2)
Rumor has it that Alexander Graham Bell wanted everyone to answer the telephone by saying "Ahoy hoy."
Considering that much modern slang is just shortened versions of older sayings, I'd call "hoy" by itself a fair greeting.
"Hoy hoy hoy" would be (will be?) a fair greeting among pojama people.
Re: (Score:1)
I think FZ sang it best:
http://www.youtube.com/watch?v... [youtube.com]
Re: (Score:2)
Slashdot Drinking Game?
Re: (Score:2)
Es just Spanish.
Re: (Score:2)
for pete's sake
6. "Pete" is a proper name and should be capitalized.
Re: (Score:2)
They should put stories under version control.
Re: (Score:2)
Seriously, this is bad even for Slashdot standards.
Re: (Score:3, Informative)
I just updated the summary with grammar fixes. Thanks for pointing it out.
Re: (Score:1)
Could you please explain why this doesn't happen BEFORE hand?
It's not like this is a one time thing, this happens pretty much daily.
Do you guys not have any standards at all? You just keep letting these guys who are clearly not even high school graduates function as 'editors' without ever addressing the issue?
Re: (Score:2)
It does, usually. You don't notice the typos that have already been fixed because there's nothing to notice.
But we do make mistakes. We can't get 100% of them, but we try to. As you can imagine, it's been pretty hectic around here for the past few days, and that doesn't help.
Re: (Score:2)
You don't notice the typos that have already been fixed because there's nothing to notice.
These weren't typos. This was assault and battery on the English language.
Re: (Score:2)
"English is a language that lurks in dark alleys, beats up other languages and rifles through their pockets for spare vocabulary."
Re: (Score:3)
To be fair, the English language had it coming.
Re: (Score:2)
Slashdot editors are technologists, not English majors. I do suggest to them that they hire a couple of English majors to do a quick proofread when the editors are done, though (not me, I'm literate but that wasn't even my minor, and I'm retiring this month anyway).
Re:It does, usually. (No) (Score:2)
Oh hello Soulskill, nice to see you in the comments.
Unfortunately "last few days are hectic" isn't remotely close to right. Last Few Years, if you wheeled out that excuse. But no, don't do that either. "Last Few X is Hectic" is a tired phrase now that Big Bad Dice owns you and you have lots of firepower to add!
Uh... oh. Wait. I just heard 3rd hand they just decided both you AND us are ... worth zero!
So what exactly are any of us here doing with a value of Zero? Can you buy them out with a Dollar? (Rhetoric,
Re: (Score:2)
That's actually much closer to reality now than it's ever been. Hopefully it's something we can get finished soon, but we have a lot of work ahead of us yet. I'm sorry things are sl
Re: (Score:2)
Research organizations and activists *have* been loose on the internet since at least 2007, though. Quite a bit earlier, even.
Looks like Spanish? (Score:2)
We are well into the era of automated translation programs. I'm not sure that the language you see is necessarily what it was written in.
Having said that, I wonder if they considered Portuguese? Looks a lot like Spanish, and Brazil is a major power in malware.
Re: (Score:2)
We are well into the era of automated translation programs. I'm not sure that the language you see is necessarily what it was written in.
Having said that, I wonder if they considered Portuguese? Looks a lot like Spanish, and Brazil is a major power in malware.
If you aren't writing your malware in Esperanto, you're not trying.
It's called "The Mask"? (Score:4, Funny)
Boy, that Jim Carrey is one talented dude...
Publish It All On the Net (Score:2)
a Spanish-language spyware attacks english grammer (Score:1)
apparently it targeted targeted slashdot too, via exploits that affected both submitters and editors
Re: (Score:1)
The "awesomeness" of the commentariat departed a long time ago. What was once "awesome" is now merely "occasionally insightful or informative."
But yes, the signal to noise ratio is plummeting even further with all of the Beta whining.
Sequence of The Mask events (Score:1)
1. Profit ...
2. Come up with reason for spying
4. Ask for authorization seven years later in secret cabinet meeting held in disused lavatory in sub-sub-basement of outmoded surplus warehouse.
Re: (Score:1)
There is no Five... Three! I mean three!
Re: (Score:2)
No documents have been located responsive to your request for information on 'Step #3'. Move along Citizen, nothing to see here.
Spyware techniques and code? (Score:3, Insightful)
The linked to article seems a little short on details, what exactly makes these `techniques and code' surpass any spyware previously in the wild?
Re:Where's the beef? (Score:5, Informative)
I would like to know what is meant by "affecting...Linux".
You're right to question the FUD.
SecureList has a MUCH better story that makes it clear "Careto" is closer to a precision-targeting crackers' toolkit rather than typical Windows malware (they have identified a total of 380 unique targets so far). It didn't just use the Flash vulnerability, but had multiple vectors, including Chrome plugins and social engineering techniques.
From their FAQ:
Is this a Windows-only threat? Which versions of Windows are targeted? Are there Mac OS X or Linux variants?
So far, we observed Trojans for Microsoft Windows and Mac OS X. Some of the exploit server paths contain modules that appear to have been designed to infect Linux computers, but we have not yet located the Linux backdoor. Additionally, some of the C&C artifacts (logs) indicate that backdoors for Android and Apple iOS may also exist.
Have you seen any evidence of a mobile component - iOS, Android or BlackBerry?
We suspect an iOS backdoor exists but we haven't been able to locate it yet. The suspicion is based on a debug log from one of the C&C servers where a victim in Argentina is identified and logged as having a user agent of "Mozilla/5.0 (iPad; CPU OS 6_1_3 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Mobile/10B329". This appears to indicate it is an iPad, although without a sample, it's hard to be sure.
In addition to this, we also suspect the existence of an Android implant. This is based on a unique version identifier sent to the C&C which is "AND1.0.0.0". Communications with this unique identifier have been observed over 3G links, indicating a possible mobile device.
http://www.securelist.com/en/b... [securelist.com]
Surpasses nation-state code? (Score:2)
After watching the healthcare.gov debacle, it would seem that surpassing nation-state-created software is a very low hurdle!
Re: (Score:1)
*rimshot*