ChiefsPlanet - Electronics Sophisticated malware discovered after 7 years, likely created by a nation-state

ChiefsPlanet (https://www.chiefsplanet.com/BB/index.php)

- Media Center (https://www.chiefsplanet.com/BB/forumdisplay.php?f=2)

- -

Sophisticated malware discovered after 7 years, likely created by a nation-state (https://www.chiefsplanet.com/BB/showthread.php?t=282581)

Sophisticated malware discovered after 7 years, likely created by a nation-state

http://internetadvisor.net/wp-conten...___ZDNet-2.png

Security firm Kaspersky Labs recently released a research paper that uncovers the existence of a piece of highly complex malware that's been in circulation for almost seven years. It's called "The Mask," which is a rough English translation of Careto, a Spanish word for "ugly face" that was found in the malware's code. Aimed at high-level targets such as government institutions, embassies and large energy corporations, Kaspersky says "The Mask" has already claimed nearly 380 unique victims (with more than 1,000 IPs) in 31 countries that include China, France, Germany, the UK and the US. Kaspersky first spotted it in a spear phishing email campaign that entices the recipient over to malicious websites disguised as news sites like The Guardian and the Washington Post.

Kaspersky reports that the malware is extremely sophisticated, with a set of tools that include a rootkit, a bootkit, versions that'll affect 32- and 64-bit Windows, Mac OS X, Linux and possibly even mobile operating systems like Android and iOS. Once it gets its hooks into your system, it can be used to hijack all your communication channels and snatch everything from Skype conversations to sensitive encryption keys. It's also very difficult to detect. Due to the level of finesse found in the malware, Kaspersky concludes that "The Mask" was very likely created by a nation-state, much like Stuxnet and Duqu. As to which nation-state that is, the security firm doesn't know, but says it's probably one that is Spanish-speaking based on the code's language. Intrigued? Go on and hit the PDF link here to get the full rundown of what Kaspersky discovered.

http://www.securelist.com/en/downloa...emask_v1.0.pdf

I'm not clicking on that link.

Quote:

Originally Posted by htismaqe (Post 10517616)

I'm not clicking on that link.

My thoughts exactly.

Quote:

Originally Posted by htismaqe (Post 10517616)

I'm not clicking on that link.

ROFL

us govt opened up pandora's box by weaponizing the internet. Now its a free for all.

Quote:

Originally Posted by planetdoc (Post 10518090)

us govt opened up pandora's box by weaponizing the internet. Now its a free for all.

That makes no sense. If the US government unilaterally declines to participate in an "arms race", it doesn't mean the race won't happen, it just means that we will lose it.

Quote:

Originally Posted by patteeu (Post 10518094)

That makes no sense. If the US government unilaterally declines to participate in an "arms race", it doesn't mean the race won't happen, it just means that we will lose it.

Pretty much.

Quote:

Originally Posted by htismaqe (Post 10517616)

I'm not clicking on that link.

Seriously. How about a plain text file? Or a Word document for that matter. Just don't choose the same file format that the tool likely used in the spear phishing attacks to begin with.

Quote:

Originally Posted by DaveNull (Post 10519028)

Seriously. How about a plain text file? Or a Word document for that matter. Just don't choose the same file format that the tool likely used in the spear phishing attacks to begin with.

How about not ending the article with:

Intrigued? Go on and hit the PDF link here to get the full rundown of what Kaspersky discovered.

Mandiant did the same thing last year. Likely a case of the marketing department not understanding the business or their audience.

Quote:

Originally Posted by patteeu (Post 10518094)

That makes no sense. If the US government unilaterally declines to participate in an "arms race", it doesn't mean the race won't happen, it just means that we will lose it.

nope. you dont have to use those offensive capabilities like the US did with stuxnet. Its like saying that since the US has nuclear weapons than they should go ahead and use it.

1. The US declared cyberattacks an act of war.

2. US undermined this position with the Stuxnet and Flame virus.

3. Instead of working to make US interests more secure, the US government has worked to cripple and backdoor hardware and software. This makes US companies and infrastructure more vulnerable to attack.

4. US finds and gather 0-day exploits and vulnerabilities for offensive attacks, but fail to tell US companies so that they may fix their vulnerabilities....once again making them more vulnerable to attack.

America has been so busy with offensive capabilities and an cybe offensive arms race that they have neglected defense.

Quote:

Originally Posted by planetdoc (Post 10519294)

Why not do both?

Quote:

Originally Posted by listopencil (Post 10519314)

Why not do both?

Patching vulnerabilities could undermine your own offensive capabilties assuming that your target patches vulnerabilities you have made public.

Although the US could gather cyber weapons, using them such as they have with stuxnet and Flame lead to the arms-race.

Its like the idea of mutually assured destruction (aka MAD). No one uses nukes because they are scared others will too. After the US used cyberweapons, now plenty of others are as well.

The worst part about all of this is that the US is more technologically advanced than most (if not all) other countries, and thus are the most vulnerable to cyberattacks. They have neglected defending the homeland to go on the offensive.

Stuxnet will come back to Haunt us

Quote:

THE decision by the United States and Israel to develop and then deploy the Stuxnet computer worm against an Iranian nuclear facility late in George W. Bush’s presidency marked a significant and dangerous turning point in the gradual militarization of the Internet. Washington has begun to cross the Rubicon. If it continues, contemporary warfare will change fundamentally as we move into hazardous and uncharted territory.

It is one thing to write viruses and lock them away safely for future use should circumstances dictate it. It is quite another to deploy them in peacetime. Stuxnet has effectively fired the starting gun in a new arms race that is very likely to lead to the spread of similar and still more powerful offensive cyberweaponry across the Internet. Unlike nuclear or chemical weapons, however, countries are developing cyberweapons outside any regulatory framework.

There is no international treaty or agreement restricting the use of cyberweapons, which can do anything from controlling an individual laptop to disrupting an entire country’s critical telecommunications or banking infrastructure. It is in the United States’ interest to push for one before the monster it has unleashed comes home to roost.

Stuxnet was originally deployed with the specific aim of infecting the Natanz uranium enrichment facility in Iran. This required sneaking a memory stick into the plant to introduce the virus to its private and secure “offline” network. But despite Natanz’s isolation, Stuxnet somehow escaped into the cyberwild, eventually affecting hundreds of thousands of systems worldwide.

This is one of the frightening dangers of an uncontrolled arms race in cyberspace; once released, virus developers generally lose control of their inventions, which will inevitably seek out and attack the networks of innocent parties. Moreover, all countries that possess an offensive cyber capability will be tempted to use it now that the first shot has been fired.

Until recent revelations by The New York Times’s David E. Sanger, there was no definitive proof that America was behind Stuxnet. Now computer security experts have found a clear link between its creators and a newly discovered virus called Flame, which transforms infected computers into multipurpose espionage tools and has infected machines across the Middle East.

The United States has long been a commendable leader in combating the spread of malicious computer code, known as malware, that pranksters, criminals, intelligence services and terrorist organizations have been using to further their own ends. But by introducing such pernicious viruses as Stuxnet and Flame, America has severely undermined its moral and political credibility.

Flame circulated on the Web for at least four years and evaded detection by the big antivirus operators like McAfee, Symantec, Kaspersky Labs and F-Secure — companies that are vital to ensuring that law-abiding consumers can go about their business on the Web unmolested by the army of malware writers, who release nasty computer code onto the Internet to steal our money, data, intellectual property or identities. But senior industry figures have now expressed deep worries about the state-sponsored release of the most potent malware ever seen.

During the cold war, countries’ chief assets were missiles with nuclear warheads. Generally their number and location was common knowledge, as was the damage they could inflict and how long it would take them to inflict it.

Advanced cyberwar is different: a country’s assets lie as much in the weaknesses of enemy computer defenses as in the power of the weapons it possesses. So in order to assess one’s own capability, there is a strong temptation to penetrate the enemy’s systems before a conflict erupts. It is no good trying to hit them once hostilities have broken out; they will be prepared and there’s a risk that they already will have infected your systems. Once the logic of cyberwarfare takes hold, it is worryingly pre-emptive and can lead to the uncontrolled spread of malware.

Until now, America has been reluctant to discuss regulation of the Internet with Russia and China. Washington believes any moves toward a treaty might undermine its presumed superiority in the field of cyberweaponry and robotics. And it fears that Moscow and Beijing would exploit a global regulation of military activity on the Web, in order to justify and further strengthen the powerful tools they already use to restrict their citizens’ freedom on the Net. The United States must now consider entering into discussions, anathema though they may be, with the world’s major powers about the rules governing the Internet as a military domain.

Any agreement should regulate only military uses of the Internet and should specifically avoid any clauses that might affect private or commercial use of the Web. Nobody can halt the worldwide rush to create cyberweapons, but a treaty could prevent their deployment in peacetime and allow for a collective response to countries or organizations that violate it.

Technical superiority is not written in stone, and the United States is arguably more dependent on networked computer systems than any other country in the world. Washington must halt the spiral toward an arms race, which, in the long term, it is not guaranteed to win.

an old saying applies here, "those who live in glass houses shouldnt throw stones." Stuxnet and Flame were big stones.

Quote:

Originally Posted by planetdoc (Post 10519294)

I'm not sure why you think you know that.