|
|
|
Thread Tools | Display Modes |
03-25-2014, 11:23 PM | |
Immanentize The Eschaton
Join Date: Oct 2002
Location: In Partibus Infidelium
Casino cash: $725880
|
Sophisticated malware discovered after 7 years, likely created by a nation-state
Security firm Kaspersky Labs recently released a research paper that uncovers the existence of a piece of highly complex malware that's been in circulation for almost seven years. It's called "The Mask," which is a rough English translation of Careto, a Spanish word for "ugly face" that was found in the malware's code. Aimed at high-level targets such as government institutions, embassies and large energy corporations, Kaspersky says "The Mask" has already claimed nearly 380 unique victims (with more than 1,000 IPs) in 31 countries that include China, France, Germany, the UK and the US. Kaspersky first spotted it in a spear phishing email campaign that entices the recipient over to malicious websites disguised as news sites like The Guardian and the Washington Post. Kaspersky reports that the malware is extremely sophisticated, with a set of tools that include a rootkit, a bootkit, versions that'll affect 32- and 64-bit Windows, Mac OS X, Linux and possibly even mobile operating systems like Android and iOS. Once it gets its hooks into your system, it can be used to hijack all your communication channels and snatch everything from Skype conversations to sensitive encryption keys. It's also very difficult to detect. Due to the level of finesse found in the malware, Kaspersky concludes that "The Mask" was very likely created by a nation-state, much like Stuxnet and Duqu. As to which nation-state that is, the security firm doesn't know, but says it's probably one that is Spanish-speaking based on the code's language. Intrigued? Go on and hit the PDF link here to get the full rundown of what Kaspersky discovered. http://www.securelist.com/en/downloa...emask_v1.0.pdf |
Posts: 56,238
|
03-26-2014, 08:35 AM | #2 |
'Tis my eye!
Join Date: Aug 2000
Location: Chiefsplanet
Casino cash: $9849900
|
I'm not clicking on that link.
|
Posts: 100,197
|
03-26-2014, 10:19 AM | #3 |
Keep doubting J MFing Houston
Join Date: May 2007
Location: ft.lauderdale
Casino cash: $4388036
|
|
Posts: 21,429
|
03-26-2014, 10:25 AM | #4 |
The 23rd Pillar
Join Date: Sep 2002
Casino cash: $10019237
|
__________________
“Boy, you all want power. God, I hope you never get it.” - Lindsay Graham |
Posts: 110,871
|
03-26-2014, 11:37 AM | #5 |
Veteran
Join Date: Apr 2012
Casino cash: $9995865
|
us govt opened up pandora's box by weaponizing the internet. Now its a free for all.
|
Posts: 2,174
|
03-26-2014, 11:39 AM | #6 |
The 23rd Pillar
Join Date: Sep 2002
Casino cash: $10019237
|
That makes no sense. If the US government unilaterally declines to participate in an "arms race", it doesn't mean the race won't happen, it just means that we will lose it.
__________________
“Boy, you all want power. God, I hope you never get it.” - Lindsay Graham |
Posts: 110,871
|
03-26-2014, 11:51 AM | #7 |
Immanentize The Eschaton
Join Date: Oct 2002
Location: In Partibus Infidelium
Casino cash: $725880
|
Pretty much.
|
Posts: 56,238
|
03-26-2014, 05:07 PM | #8 |
Veteran
Join Date: Nov 2011
Location: Villa Straylight
Casino cash: $9985610
|
|
Posts: 2,367
|
03-26-2014, 05:09 PM | #9 | |
'Tis my eye!
Join Date: Aug 2000
Location: Chiefsplanet
Casino cash: $9849900
|
Quote:
Intrigued? Go on and hit the PDF link here to get the full rundown of what Kaspersky discovered. |
|
Posts: 100,197
|
03-26-2014, 05:12 PM | #10 |
Veteran
Join Date: Nov 2011
Location: Villa Straylight
Casino cash: $9985610
|
Mandiant did the same thing last year. Likely a case of the marketing department not understanding the business or their audience.
|
Posts: 2,367
|
03-26-2014, 07:14 PM | #11 | |
Veteran
Join Date: Apr 2012
Casino cash: $9995865
|
Quote:
1. The US declared cyberattacks an act of war. 2. US undermined this position with the Stuxnet and Flame virus. 3. Instead of working to make US interests more secure, the US government has worked to cripple and backdoor hardware and software. This makes US companies and infrastructure more vulnerable to attack. 4. US finds and gather 0-day exploits and vulnerabilities for offensive attacks, but fail to tell US companies so that they may fix their vulnerabilities....once again making them more vulnerable to attack. America has been so busy with offensive capabilities and an cybe offensive arms race that they have neglected defense. |
|
Posts: 2,174
|
03-26-2014, 07:22 PM | #12 | |
Immanentize The Eschaton
Join Date: Oct 2002
Location: In Partibus Infidelium
Casino cash: $725880
|
Quote:
|
|
Posts: 56,238
|
03-26-2014, 07:36 PM | #13 |
Veteran
Join Date: Apr 2012
Casino cash: $9995865
|
Patching vulnerabilities could undermine your own offensive capabilties assuming that your target patches vulnerabilities you have made public.
Although the US could gather cyber weapons, using them such as they have with stuxnet and Flame lead to the arms-race. Its like the idea of mutually assured destruction (aka MAD). No one uses nukes because they are scared others will too. After the US used cyberweapons, now plenty of others are as well. The worst part about all of this is that the US is more technologically advanced than most (if not all) other countries, and thus are the most vulnerable to cyberattacks. They have neglected defending the homeland to go on the offensive. |
Posts: 2,174
|
03-26-2014, 07:55 PM | #14 | |
Veteran
Join Date: Apr 2012
Casino cash: $9995865
|
Stuxnet will come back to Haunt us
Quote:
Last edited by planetdoc; 03-26-2014 at 08:01 PM.. |
|
Posts: 2,174
|
03-26-2014, 10:35 PM | #15 | |
The 23rd Pillar
Join Date: Sep 2002
Casino cash: $10019237
|
Quote:
__________________
“Boy, you all want power. God, I hope you never get it.” - Lindsay Graham |
|
Posts: 110,871
|
|
|