Sophisticated malware discovered after 7 years, likely created by a nation-state
 

http://internetadvisor.net/wp-conten...___ZDNet-2.png


Security firm Kaspersky Labs recently released a research paper that uncovers the existence of a piece of highly complex malware that's been in circulation for almost seven years. It's called "The Mask," which is a rough English translation of Careto, a Spanish word for "ugly face" that was found in the malware's code. Aimed at high-level targets such as government institutions, embassies and large energy corporations, Kaspersky says "The Mask" has already claimed nearly 380 unique victims (with more than 1,000 IPs) in 31 countries that include China, France, Germany, the UK and the US. Kaspersky first spotted it in a spear phishing email campaign that entices the recipient over to malicious websites disguised as news sites like The Guardian and the Washington Post.

Kaspersky reports that the malware is extremely sophisticated, with a set of tools that include a rootkit, a bootkit, versions that'll affect 32- and 64-bit Windows, Mac OS X, Linux and possibly even mobile operating systems like Android and iOS. Once it gets its hooks into your system, it can be used to hijack all your communication channels and snatch everything from Skype conversations to sensitive encryption keys. It's also very difficult to detect. Due to the level of finesse found in the malware, Kaspersky concludes that "The Mask" was very likely created by a nation-state, much like Stuxnet and Duqu. As to which nation-state that is, the security firm doesn't know, but says it's probably one that is Spanish-speaking based on the code's language. Intrigued? Go on and hit the PDF link here to get the full rundown of what Kaspersky discovered.


http://www.securelist.com/en/downloa...emask_v1.0.pdf

I'm not clicking on that link.

My thoughts exactly.

ROFL

us govt opened up pandora's box by weaponizing the internet. Now its a free for all.

That makes no sense. If the US government unilaterally declines to participate in an "arms race", it doesn't mean the race won't happen, it just means that we will lose it.

Pretty much.

Seriously. How about a plain text file? Or a Word document for that matter. Just don't choose the same file format that the tool likely used in the spear phishing attacks to begin with.

How about not ending the article with:

Intrigued? Go on and hit the PDF link here to get the full rundown of what Kaspersky discovered.

Mandiant did the same thing last year. Likely a case of the marketing department not understanding the business or their audience.

nope. you dont have to use those offensive capabilities like the US did with stuxnet. Its like saying that since the US has nuclear weapons than they should go ahead and use it.

1. The US declared cyberattacks an act of war.

2. US undermined this position with the Stuxnet and Flame virus.

3. Instead of working to make US interests more secure, the US government has worked to cripple and backdoor hardware and software. This makes US companies and infrastructure more vulnerable to attack.

4. US finds and gather 0-day exploits and vulnerabilities for offensive attacks, but fail to tell US companies so that they may fix their vulnerabilities....once again making them more vulnerable to attack.

America has been so busy with offensive capabilities and an cybe offensive arms race that they have neglected defense.

Why not do both?

Patching vulnerabilities could undermine your own offensive capabilties assuming that your target patches vulnerabilities you have made public.

Although the US could gather cyber weapons, using them such as they have with stuxnet and Flame lead to the arms-race.

Its like the idea of mutually assured destruction (aka MAD). No one uses nukes because they are scared others will too. After the US used cyberweapons, now plenty of others are as well.

The worst part about all of this is that the US is more technologically advanced than most (if not all) other countries, and thus are the most vulnerable to cyberattacks. They have neglected defending the homeland to go on the offensive.

Stuxnet will come back to Haunt us

an old saying applies here, "those who live in glass houses shouldnt throw stones." Stuxnet and Flame were big stones.

I'm not sure why you think you know that.

Again, where do you get your confidence? What makes you think the US used cyberweapons first? Or that others wouldn't have acted without the US acting first?

Evidence made available to the public.

It doesnt sound like you are disagreeing with anything I said, just wondering how I know. All of this is common knowledge at this point, but if there is a part of my post you disagree with, than CLEARLY let me know. I really dont feel like walking you through this when its readily available via a simple google search.

Little Boy used against Hiroshima, was the first KNOWN deployment of an atomic bomb. Could another country have secretly acquired and deployed one first? sure, but their is no evidence of that and the idea is nearly statistically improbable.

That is the same with cyberweapons deployed by Operation Olympic Games.

link
you are going to be hard pressed to find a deployment of a cyberweapon by a nation state before that time frame.

There is no proof that another country wouldnt have deployed atomic and plutonium weapons before the US. Since US deployment in world war II, there has been an arms race to acquire nuclear weapons because it is thought of as the "great equalizer."

Same can be said about cyberweapons. There is no proof that another country wouldn't have acted first, but the fact that the US has, led to a race by other countries to have similar capabilities.

That's because, to the NSA, American companies are potential enemies. Everybody is a potential enemy actually.

The former head of the NSA Cyber program, General Keith Alexandar, was a well known paranoid megalomaniac...

Stunningly naive, in my view, to think that other countries wouldn't use cyberweapons if the US hadn't done it first.

I also don't understand why/how the NSA controls whether privately developed software has backdoors, etc. I doubt Microsoft etc. would be very receptive to the NSA approaching them to do that.

The government has all kinds of handshake agreements in this arena. Microsoft is as complicit as any company.

One of the few that doesn't cooperate is Google (largely because they have world domination goals of their own that they don't want to share) and the government straight up went after them.

omg no wai

1000 ips? that's it?

I find your confidence in these paranoid, blame-America theories of yours fascinating. I was curious how you come by it. I disagree with your entire theory.

Cyber warfare is often a bit more subtle than a nuclear bomb. It would be tough to miss news of a nuclear bomb detonation, but cyber attacks don't make the same splash if they're even disclosed publicly.

It took me one google search to find this wikipedia entry:

I know I won't convince you of anything here, but I definitely think your theory that the US opened a pandora's box that hadn't previously been opened with Stuxnet is wrong and I think the information you rely on for your confidence is feeble. I'm sure that in the end, we'll just have to agree to disagree again.

once again, one can substitute the word "nuclear" for "cyber." The previous deterent was that would be considered an "act of war."

an example would be the NSA paying RSA to implement (and make default) the weakened random number generator Dual EC BRG.

http://www.bloomberg.com/news/2013-0...-of-firms.html
http://www.theguardian.com/world/201...tion-user-data
There has also been speculation that NSA paid microsoft to backdoor skype. Prior to MS purchase of skype in 2011 for $8.5 billion, skype used a decentralized "p2p" system. After MS purchase it became centralized, and its ability to comply with PRISM tripled.

Regardless of who did it first, the US has been involved in some very nefarious cyberattacks, some against US companies.

ok. will walk you through it.

https://encrypted-tbn3.gstatic.com/i...p88suCocB8b2DA

already linked the first. US originally said that a cyberattack is an act of war. Than Hayden said stuxnet is "not an act of war." Thus the position was undermined.

already linked documents citing this in this thread. the link below goes further into the topic and provides sources.
The Currency of Exploitation

sure, that is why it took security researchers years to detect and figure out stuxnet. That being said, there is no evidence of a cyberattack similar to stuxnet prior to stuxnet.


that is no way in any level comparable to stuxnet. Those type of attacks are not sophisticated and can be done by anyone unlike the sophistication of stuxnet. Its like comparing handguns to nuclear weapons.

What a cop out. First you said the US launched the first cyber warfare attack. Now, you're complaining because the US may not have actually started it, but they did it better. I hope we continue to be better. You're desperate to blame the US. I think your arguments are garbage.

BTW, I don't care whether one person said cyber warfare is an act of war and then a different person said it isn't. As far as I'm concerned, that's an attempt to deflect from the issue.

reading comprehension fail. Where did I say that? Here are my posts related to this statement in sequential order.

your linked wikipedia article deals with espionage.

Mariom-Webster (your favorite dictionary) defines espionage as
that is far different than an "attack" which they define as
Not at all. US claimed earlier that cyberwarfare is an act of war. Thus the consequences of it would be a physical retaliation. By doing this themselves against Iran and declaring that it isnt an act of war, than they legitimized it for other nations.

Laughable.

should've used Norton. morons.

Norton is one of the worst AV suites on the market.

http://www.av-comparatives.org/

would disagree....though I dont think they include norton in their latest tests.

It's not just about effectiveness, it's also about ease of use, administration, support, etc.

Norton is one of the worst pieces of Windows software there is.

EDIT: That link is broken, by the way.

It would be nice if their is data to quantify that. At least av-comparitives does a good job of quantifying effectiveness.

i'm able to get the link to work just fine. maybe your company is blocking it.

Norton is absolute shit.

Avast mateys!

As a system administrator, I'll throw in another opinion for Norton being complete shit. Terrible performance, bloated services, nightmare administration, sometimes impossible to uninstall, etc, etc.

I'm not surfing from work. And I'm using Google DNS. It doesn't resolve.

EDIT: It didn't resolve. It does now.

There is a new 0-day Adobe Flash bug that is actively being exploited. It affects Windows, Mac, and Linux. Its believed to be state sponsored (by the Syrian Government).

As I've said before, US opened up pandora's box.
https://www.securelist.com/en/blog/8...g_hole_attacks