Sophisticated Spy Tool 'The Mask' Rages Undetected For 7 Years

samzenpus posted about 8 months ago | from the protect-ya-neck dept.

Security 98

thomst writes "Kim Zetter of Wired's Threat Level reports that Kaspersky Labs discovered a Spanish-language spyware application that 'uses techniques and code that surpass any nation-state spyware previously spotted in the wild.' The malware, dubbed 'The Mask' by Kaspersky's researchers, targeted government agencies, diplomatic offices, embassies, companies in the oil, gas and energy industries, research organizations, and activists. It had been loose on the Internet since at least 2007 before being shut down last month. It infected its targets via a malicious website that contained exploits — among which were the Adobe Flash player vulnerability CVE-2012-0773, affecting both Windows and Linux machines. Users were directed to the site via spearphishing emails."

Editing? (4, Insightful)

bigjocker (113512) | about 8 months ago | (#46212593)

This is ridiculous. What kind of editor publishes a note so badly written? You should at least read summaries out loud to see if you would look like an idiot. That would have certainly worked in this case. At least add a preview button for summaries like you do for comments for pete's sake.

Hoy many errors can you spot?

"Kim Zetter of Wired's Threat Level reports that Kaspersky Labs discovered a Spanish-language spyware application that employs "uses techniques and code that surpass any nation-state spyware previously spotted in the wild." The malware, dubbed "The Mask" by Kaspersky's researchers, targeted targeted government agencies, diplomatic offices, embassies, companies in the oil, gas and energy industries, and research organizations and activists had been loose on the Internet since at least 2007, before it was shut down last month. It infected its targets via a malicious website that contained exploits — among which were the Adobe Flash player vulnerability CVE-2012-0773 — that affected both Windows and Linux machines. Users were directed to the site via spearphishing emails."

Re:Editing? (0, Troll)

David Betz (2845597) | about 8 months ago | (#46212619)

"poorly written"* "if you will look like an idiot"* "This would have"* "summaries similar to the ones for"* "Pete's sake"* I count four.

Re:Editing? (5, Insightful)

Anonymous Coward | about 8 months ago | (#46212755)

Not the OP here, but you are wrong. Good luck next time.

1) "badly written" is acceptable
2) "would" is correct, your "correction" of "will" is wrong.
3) This/That is interchangeable.
4) Now you just look like an idiot.
5) I'm not even going to bother.

You have five corrections but you only count four?

Re:Editing? (4, Funny)

gerddie (173963) | about 8 months ago | (#46212929)

You have five corrections but you only count four?

He's probably from the Spanish inquisition.

Re:Editing? (2)

itsthebin (725864) | about 8 months ago | (#46215221)

I suggest you meant "Spanish acquisition "

Re:Editing? (1)

gl4ss (559668) | about 8 months ago | (#46216173)

haha that's brilliant! because that's one thing nobody ever expects!!!

Re:Editing? (1)

grcumb (781340) | about 8 months ago | (#46213557)

1) "badly written" is acceptable

Not in this context. 'Badly written' normally means 'illegible'. 'Poorly written' is the appropriate phrase.

So Dexter, seeing a quotation from Paradise Lost scrawled by a bloody hand across the wall of a Miami condo, would say, 'That was badly written.'

Milton's ghost, on the other hand, would look at the awkward parts of the latter seasons of Dexter and say, 'That was poorly written.'

Re:Editing? (0)

Anonymous Coward | about 8 months ago | (#46216017)

Er.. no.

Re:Editing? (0)

Anonymous Coward | about 8 months ago | (#46221597)

Nice try to dig yourself out of a hole, but, no... nowhere in the definition of "badly" is there implied a physical connotation. Google "badly written" and you'll find plenty of examples of people referring to typed text. Even if you may have a smidgen of fact behind you historically, the internet-enabled colloquial world we're in now lets "badly" be used precisely as bigjocker intended.

You pretty much blew this whole analysis. It could have been funny, but now, no.

There...are...four...lights!!! (1)

xxxJonBoyxxx (565205) | about 8 months ago | (#46217017)

There...are...four...lights!!!

Trying too hard (0)

P1h3r1e3d13 (1158845) | about 8 months ago | (#46212761)

Most of your suggestions are clearer, or better style, but only “pete” is an actual error.
If you want to get that picky, you could use actual quotation marks, instead of straight quotes.

Re:Editing? (1)

Ralph Wiggam (22354) | about 8 months ago | (#46212955)

Bigjocker does not pretend to be a competent writer or editor. Thomst does.

Re:Editing? (0)

Anonymous Coward | about 8 months ago | (#46212993)

That would have been funnier if you didn't blow your analysis... I think your corrections are wrong at least 3 if not four times and you seem to count in IBM.

Re:Editing? (1)

wonkey_monkey (2592601) | about 8 months ago | (#46213001)

"poorly written"*
"if you will look like an idiot"*
"This would have"*
"summaries similar to the ones for"*
"Pete's sake"*

I count four.

Really? I count five. Well, less, really, because at least one is wrong ("would look" is better than "will look" because the opportunity correction exists) and most of the rest are highly debatable, not least for the fact that the GP isn't pretending to be a professional news website.

Re:Editing? (1)

wonkey_monkey (2592601) | about 8 months ago | (#46213109)

because the opportunity for correction exists

FTFM.

Re:Editing? Loose activists! (0)

Anonymous Coward | about 8 months ago | (#46214083)

Heh, keep reading... some errors could be argued to be grammatically correct, eventually, but they're certainly bad style and do not actually communicate whatever it was that's intended. eg.

"activists had been loose on the Internet since at least 2007"

Re:Editing? (1)

BronsCon (927697) | about 8 months ago | (#46213213)

You missed "Hoy".

Re:Editing? (0)

Anonymous Coward | about 8 months ago | (#46220617)

"poorly written"* "if you will look like an idiot"* "This would have"* "summaries similar to the ones for"* "Pete's sake"*

I count four.

And thank you for exemplifying why dull shoddiness reigns. Good Lord, it's as if you were upset you didn't notice the poorly written summary yourself.

Re:Editing? (5, Funny)

TechyImmigrant (175943) | about 8 months ago | (#46212641)

4.
5 if you include "Hoy many errors can you spot?"

"hoy" is a perfectly cromulent word (5, Funny)

Thud457 (234763) | about 8 months ago | (#46212679)

Merely punctuational errorification:

Hoy! Many errors you can spot!

Re:"hoy" is a perfectly cromulent word (0)

girlintraining (1395911) | about 8 months ago | (#46213191)

Merely punctuational errorification:

They should have synergized their market paradigms more to create a more linguistically diverse user experience. It's only gonna get worse though... once Beta consumes the site, all that'll be left is the outward appearance of a badly edited blog with comments enabled.

Re:"hoy" is a perfectly cromulent word (1)

TranquilVoid (2444228) | about 8 months ago | (#46214505)

Actually he's correct when you consider the story is about Spanish malware;

"Today many errors you can spot!"

Re:Editing? (1)

bigjocker (113512) | about 8 months ago | (#46212743)

Yes, it's missing an A before Hoy ... sorry about that

Re:Editing? (1)

CanHasDIY (1672858) | about 8 months ago | (#46212799)

Yes, it's missing an A before Hoy ... sorry about that

Rumor has it that Alexander Graham Bell wanted everyone to answer the telephone by saying "Ahoy hoy."

Considering that much modern slang is just shortened versions of older sayings, I'd call "hoy" by itself a fair greeting.

Re:Editing? (3, Informative)

Chris Mattern (191822) | about 8 months ago | (#46213073)

Rumor has it that Alexander Graham Bell wanted everyone to answer the telephone by saying "Ahoy hoy."

Which is not as ridiculous as it sounds. "Hello" was not a common greeting before it became standardized as the way to answer a phone.

Re:Editing? (1)

CanHasDIY (1672858) | about 8 months ago | (#46213385)

Rumor has it that Alexander Graham Bell wanted everyone to answer the telephone by saying "Ahoy hoy."

Which is not as ridiculous as it sounds. "Hello" was not a common greeting before it became standardized as the way to answer a phone.

I dig it.

Hell, I'd answer the phone that way myself if so many other greetings weren't already burned into my subconscious.

Re:Editing? (1)

PRMan (959735) | about 8 months ago | (#46213891)

Actually, it started in 1803 and was fairly common by the time the telephone was invented.

Re:Editing? (1)

mwehle (2491950) | about 8 months ago | (#46213135)

Rumor has it that Alexander Graham Bell wanted everyone to answer the telephone by saying "Ahoy hoy."

Considering that much modern slang is just shortened versions of older sayings, I'd call "hoy" by itself a fair greeting.

"Hoy hoy hoy" would be (will be?) a fair greeting among pojama people.

Re: Editing? (1)

blackiner (2787381) | about 8 months ago | (#46218255)

Oh wow, this makes me appreciate the Simpsons even more. Mr. Burns used to answer the phone like that, I thought it was just some weird mannerism as a kid, but I guess the joke was that he is just *that* old.

Re:Editing? (1)

Strider- (39683) | about 8 months ago | (#46212749)

Slashdot Drinking Game?

más o menos (0)

Anonymous Coward | about 8 months ago | (#46212773)


 

Re: Editing? (0)

Anonymous Coward | about 8 months ago | (#46212885)

Hoy gago!

Re:Editing? (1)

steelfood (895457) | about 8 months ago | (#46213211)

Es just Spanish.

Re:Editing? (1)

PPH (736903) | about 8 months ago | (#46213537)

for pete's sake

6. "Pete" is a proper name and should be capitalized.

Re:Editing? (1)

TechyImmigrant (175943) | about 8 months ago | (#46213701)

They should put stories under version control.

Re:Editing? (0)

Anonymous Coward | about 8 months ago | (#46212645)

I had to read it three times before I understood what it was trying to say.

Re:Editing quickly to hide beta comments (-1)

Anonymous Coward | about 8 months ago | (#46212775)

It's called throwing out new junk in hopes the anti-beta comments will go away. They will NEVER go away. And Slashdot will lose more and more users everyday this continues.

DICE, stop the bleeding. Cancel Beta. Apologize for ever having the idea. Let the content creators (us) design Slashdot in the future, because you have failed.

Re:Editing? (1)

asmkm22 (1902712) | about 8 months ago | (#46212917)

Seriously, this is bad even for Slashdot standards.

Re:Editing? (-1)

Anonymous Coward | about 8 months ago | (#46213015)

I agree... I really think this may be the grammatically worst slashdot article in years. I'm interested in the subject matter, but it's tough to get over such madness. Too much time spent redesigning the site and not editing, perhaps?

Re:Editing? (2, Informative)

Soulskill (1459) | about 8 months ago | (#46213151)

I just updated the summary with grammar fixes. Thanks for pointing it out.

Re:Editing? (1)

BitZtream (692029) | about 8 months ago | (#46213397)

Could you please explain why this doesn't happen BEFORE hand?

It's not like this is a one time thing, this happens pretty much daily.

Do you guys not have any standards at all? You just keep letting these guys who are clearly not even high school graduates function as 'editors' without ever addressing the issue?

Re:Editing? (1)

Soulskill (1459) | about 8 months ago | (#46213455)

It does, usually. You don't notice the typos that have already been fixed because there's nothing to notice.

But we do make mistakes. We can't get 100% of them, but we try to. As you can imagine, it's been pretty hectic around here for the past few days, and that doesn't help.

Re:Editing? (1)

Ralph Wiggam (22354) | about 8 months ago | (#46213573)

You don't notice the typos that have already been fixed because there's nothing to notice.

These weren't typos. This was assault and battery on the English language.

Re:Editing? (1)

ColdWetDog (752185) | about 8 months ago | (#46213625)

"English is a language that lurks in dark alleys, beats up other languages and rifles through their pockets for spare vocabulary."

Re:Editing? (2)

Soulskill (1459) | about 8 months ago | (#46213761)

To be fair, the English language had it coming.

MOD PARENT DOWN (1)

kdawson (3715) (1344097) | about 8 months ago | (#46214193)

Like you know NYTHING about the English Language.

Re:Editing? (1)

mcgrew (92797) | about 8 months ago | (#46219516)

Slashdot editors are technologists, not English majors. I do suggest to them that they hire a couple of English majors to do a quick proofread when the editors are done, though (not me, I'm literate but that wasn't even my minor, and I'm retiring this month anyway).

Re:It does, usually. (No) (1)

TaoPhoenix (980487) | about 8 months ago | (#46214659)

Oh hello Soulskill, nice to see you in the comments.

Unfortunately "last few days are hectic" isn't remotely close to right. Last Few Years, if you wheeled out that excuse. But no, don't do that either. "Last Few X is Hectic" is a tired phrase now that Big Bad Dice owns you and you have lots of firepower to add!

Uh... oh. Wait. I just heard 3rd hand they just decided both you AND us are ... worth zero!

So what exactly are any of us here doing with a value of Zero? Can you buy them out with a Dollar? (Rhetoric, Wall Street Shenanigans may apply.)

I'll leave the extended comedy routines to others. X of us see a value in a quiet eddy current called Slashdot. Since your value is officially zero, why again exactly are you going with Beta?

Plus, I asked months/a year ago about exporting existing comments out of Slashdot but you/They made sure that was never close to a possibility... really now? Data Capture? I calculate I have almost 100 blog topics stored in raw material here. But no. You gang NEVER made ANY easy export tools under ANY management even BEFORE Dice.

So I'm not going all Swearword-Beta. I'm attacking different problems. But still unhappy.

Yours,
--Tao

Re:It does, usually. (No) (1)

Soulskill (1459) | about 8 months ago | (#46215219)

Plus, I asked months/a year ago about exporting existing comments out of Slashdot but you/They made sure that was never close to a possibility... really now? Data Capture? I calculate I have almost 100 blog topics stored in raw material here. But no. You gang NEVER made ANY easy export tools under ANY management even BEFORE Dice.

That's actually much closer to reality now than it's ever been. Hopefully it's something we can get finished soon, but we have a lot of work ahead of us yet. I'm sorry things are slow.

Big Bad Dice owns you and you have lots of firepower to add!

Despite popular sentiment, Dice hasn't taken to Slashdot with a heavy hand. Our engineering team is not much bigger now than when they bought us. Coming up to speed on this codebase is very much not trivial, so even if they sent us a dozen developers tomorrow, it'd be a while before their impact was felt. And the mythical man month, etc.

90s trivia and /. (0)

Anonymous Coward | about 8 months ago | (#46217331)

I was playing a 90s trivia game. I was getting a lot of the 90s tech questions right. Question came up "Founded near the start of the internet this popular website remains unchanged to this day and is .."- didn't even finish the question I blurted out /.! One of the players freaked out and quit claiming "that's impossible to know that, she wasn't finished the question". The great part about this story is now with beta we get to throw that card out. Because it's a lie. Bold. faced. Lie.

Re:Editing? (1)

neminem (561346) | about 8 months ago | (#46213245)

Research organizations and activists *have* been loose on the internet since at least 2007, though. Quite a bit earlier, even.

Re:Editing? (-1, Offtopic)

Anonymous Coward | about 8 months ago | (#46213295)

This is ridiculous. What kind of editor publishes a note so badly written? You should at least read summaries out loud to see if you would look like an idiot. That would have certainly worked in this case. At least add a preview button for summaries like you do for comments for pete's sake.

Hoy many errors can you spot?

"Kim Zetter of Wired's Threat Level reports that Kaspersky Labs discovered a Spanish-language spyware application that employs "uses techniques and code that surpass any nation-state spyware previously spotted in the wild." The malware, dubbed "The Mask" by Kaspersky's researchers, targeted targeted government agencies, diplomatic offices, embassies, companies in the oil, gas and energy industries, and research organizations and activists had been loose on the Internet since at least 2007, before it was shut down last month. It infected its targets via a malicious website that contained exploits — among which were the Adobe Flash player vulnerability CVE-2012-0773 — that affected both Windows and Linux machines. Users were directed to the site via spearphishing emails."

It's not as bad as the slashdot beta, though. What happened to the slashdot boycott anyway? I thought that started today?

Re:Editing? (0)

Anonymous Coward | about 8 months ago | (#46217549)

For fuck's sake, insightful?? More like offtopic. Unlike you, samzenpus wasn't an English major, he's a technologist. The summary is readable and he didn't make any of the stupid, egregious errors you often see in comments, illiteracy like "Their in there car over they're" or "They should loose all their money". And I see this bad writing in newspapers, where the writers SHOULD be educated in the language.

Save your vitriol for one of the occasional completely unreadable summaries, this was at least understandable.

"Soooooooomebody STOP ME!!!" said Beta (-1)

Anonymous Coward | about 8 months ago | (#46212609)

Beta is as obnoxious as Jim Carrey in The Mask.

I love Kraft mac and cheese! (-1)

Anonymous Coward | about 8 months ago | (#46212631)

The orange-y goodness never fails to provide nutrition for the weary.

Mac users cheer. (-1)

Anonymous Coward | about 8 months ago | (#46212683)

...

The Mask (-1)

Anonymous Coward | about 8 months ago | (#46212731)

SSSSSSSSSOMEBODY STOP ME!

Looks like Spanish? (1)

cold fjord (826450) | about 8 months ago | (#46212741)

We are well into the era of automated translation programs. I'm not sure that the language you see is necessarily what it was written in.

Having said that, I wonder if they considered Portuguese? Looks a lot like Spanish, and Brazil is a major power in malware.

Re:Looks like Spanish? (2)

Omega Hacker (6676) | about 8 months ago | (#46212769)

Considering that *Kaspersky*'s press release opens with "Dominican Republic", I would guess the people writing it are probably pretty familiar with the difference.

Re:Looks like Spanish? (1)

CanHasDIY (1672858) | about 8 months ago | (#46212819)

We are well into the era of automated translation programs. I'm not sure that the language you see is necessarily what it was written in.

Having said that, I wonder if they considered Portuguese? Looks a lot like Spanish, and Brazil is a major power in malware.

If you aren't writing your malware in Esperanto, you're not trying.

Disaster (-1)

Anonymous Coward | about 8 months ago | (#46212759)

Beta is not disaster, it's apocalypse. Do you hear me now?

Re:Disaster (-1)

Anonymous Coward | about 8 months ago | (#46212793)

No. Try talking with your head OUT of your ass.

It's called "The Mask"? (3, Funny)

93 Escort Wagon (326346) | about 8 months ago | (#46212797)

Boy, that Jim Carrey is one talented dude...

Publish It All On the Net (1)

Jim Sadler (3430529) | about 8 months ago | (#46212801)

I hope that all information that was gathered is published widely on the net and that all English versions are added. The public has a right to know.

a Spanish-language spyware attacks english grammer (1)

Anonymous Coward | about 8 months ago | (#46212821)

apparently it targeted targeted slashdot too, via exploits that affected both submitters and editors

Re:a Spanish-language spyware attacks english gram (0)

Anonymous Coward | about 8 months ago | (#46213097)

sed -i 's/grammer/grammar/' spelling.post

Re:a Spanish-language spyware attacks english gram (1)

mwehle (2491950) | about 8 months ago | (#46213155)

And it attacks grammar to boot for Pete's sake!

Learn More (-1)

Anonymous Coward | about 8 months ago | (#46212875)

Do I really want to visit site that says "Learn More" this is retarded for a site like ./

Whats up with those huge photos all over the page?

I have idea for you for maximizing revenue, everyone get 10 popups per page with fresh adds, look at the porn sites for ideas

The /. community is causing more damage than Beta. (0)

BlueKitties (1541613) | about 8 months ago | (#46212893)

I used to really enjoy coming to /. -- even with Beta, even though it stinks. Now the entire comments section has just devolved into complaints. The real threat to /. isn't Evil Corporate Overlords, it's /tivism gone wrong. R.I.P. awesome comment community, you will be missed. :(

Re:The /. community is causing more damage than Be (-1, Offtopic)

MikeBabcock (65886) | about 8 months ago | (#46212913)

I used to really enjoy coming to /. -- even with Beta, even though it stinks. Now the entire comments section has just devolved into complaints. The real threat to /. isn't Evil Corporate Overlords, it's /tivism gone wrong. R.I.P. awesome comment community, you will be missed. :(

QFT

Re:The /. community is causing more damage than Be (1)

bughunter (10093) | about 8 months ago | (#46213517)

The "awesomeness" of the commentariat departed a long time ago. What was once "awesome" is now merely "occasionally insightful or informative."

But yes, the signal to noise ratio is plummeting even further with all of the Beta whining.

stop beta-whining (0)

Anonymous Coward | about 8 months ago | (#46215717)

Yeah, stop it already. Just tell me how to get rid of beta!

Re:The /. community is causing more damage than Be (1)

BlueKitties (1541613) | about 8 months ago | (#46229383)

Of course I get moderated as "offtopic," meanwhile the floods of "fbeta" are all +5. Even the moderation system is becoming a joke.

Sequence of The Mask events (1)

WillAffleckUW (858324) | about 8 months ago | (#46213031)

1. Profit
2. Come up with reason for spying ...
4. Ask for authorization seven years later in secret cabinet meeting held in disused lavatory in sub-sub-basement of outmoded surplus warehouse.

Re:Sequence of The Mask events (0)

Anonymous Coward | about 8 months ago | (#46213327)

3??

Is 3 sekret?

Why did you omit Step #3? What are you hiding?

Even our contributors forego transparency and censor the critical and most embarrassing parts of the process!

Re:Sequence of The Mask events (1)

bughunter (10093) | about 8 months ago | (#46213531)

There is no Five... Three! I mean three!

Re:Sequence of The Mask events (1)

sjames (1099) | about 8 months ago | (#46215067)

No documents have been located responsive to your request for information on 'Step #3'. Move along Citizen, nothing to see here.

Spyware techniques and code? (3, Insightful)

DTentilhao (3484023) | about 8 months ago | (#46213281)

"Spanish-language spyware application that 'uses techniques and code that surpass any nation-state spyware previously spotted in the wild.'"

The linked to article seems a little short on details, what exactly makes these `techniques and code' surpass any spyware previously in the wild?

Re:Spyware techniques and code? (2)

benjfowler (239527) | about 8 months ago | (#46213535)

The infrastructure used to drive it was way beyond anything they've seen previously, even by ostensible state actors; also, this sort of thing requires a lot of expensive and time-consuming legwork typically done by state intelligence agencies. The elite intelligence agencies do extensive research on their targets prior to using their weapons; they also maintain extremely high levels of operational sophistication, to the point where there is somebody with a finger on a trigger somewhere, figuring out what exploits they can risk using, depending on their assessment on how sophisticated their target will be.

It's likely to be Spain, as their intelligence agencies' primary targets are North Africa and Latin America. Likely, their role in NATO means they've been tasked with keeping tabs on our swarthy kamikaze friends (terrorists, drug dealers, people smugglers) on the far side of the Straits of Gibraltar. And given how many people al-Qaeda murdered during the 11-M attacks in 2004, you can hardly blame Spain for muscling up.

Re:Spyware techniques and code? (0)

Anonymous Coward | about 8 months ago | (#46213843)

The elite intelligence agencies do extensive research on their targets prior to using their weapons; they also maintain extremely high levels of operational sophistication, to the point where there is somebody with a finger on a trigger somewhere, figuring out what exploits they can risk using, depending on their assessment on how sophisticated their target will be.

... as their intelligence agencies' primary targets are North Africa and Latin America.

Where did you get this information?
It sounds like it's been compiled from various spy novels.

Re:Spyware techniques and code? (1)

benjfowler (239527) | about 8 months ago | (#46216143)

Off your meds, mate??

Re:Spyware techniques and code? (1)

kbrannen (581293) | about 8 months ago | (#46213785)

Can we use (sadly) this as yet another reason Flash must die? How many examples of bad security will it take before we kill Flash forever? (Yeah, I know, marketing doesn't care about security as long as it looks good.)

Where's the beef? (0)

Anonymous Coward | about 8 months ago | (#46213643)

Anyone find an analysis of the exploit?

I would like to know what is meant by "affecting...Linux". I have witnessed plenty of plug-in exploit / downloaders on Linux that simply produced a useless file that was made non-executable by the default mask, where I promptly discarded the binary and continued about my business.

Since Linux and BSD distros lack the ShellEx/registry root classes engineering flaws in Windows, it's particularly disingenuous to lump the two operating systems together when one is disproportionately damaged by these sort of social engineering, um passive...."attacks"...if you will.

Re:Where's the beef? (4, Informative)

ozmanjusri (601766) | about 8 months ago | (#46214301)

I would like to know what is meant by "affecting...Linux".

You're right to question the FUD.

SecureList has a MUCH better story that makes it clear "Careto" is closer to a precision-targeting crackers' toolkit rather than typical Windows malware (they have identified a total of 380 unique targets so far). It didn't just use the Flash vulnerability, but had multiple vectors, including Chrome plugins and social engineering techniques.

From their FAQ:

Is this a Windows-only threat? Which versions of Windows are targeted? Are there Mac OS X or Linux variants?
So far, we observed Trojans for Microsoft Windows and Mac OS X. Some of the exploit server paths contain modules that appear to have been designed to infect Linux computers, but we have not yet located the Linux backdoor. Additionally, some of the C&C artifacts (logs) indicate that backdoors for Android and Apple iOS may also exist.

Have you seen any evidence of a mobile component - iOS, Android or BlackBerry?
We suspect an iOS backdoor exists but we haven't been able to locate it yet. The suspicion is based on a debug log from one of the C&C servers where a victim in Argentina is identified and logged as having a user agent of "Mozilla/5.0 (iPad; CPU OS 6_1_3 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Mobile/10B329". This appears to indicate it is an iPad, although without a sample, it's hard to be sure.

In addition to this, we also suspect the existence of an Android implant. This is based on a unique version identifier sent to the C&C which is "AND1.0.0.0". Communications with this unique identifier have been observed over 3G links, indicating a possible mobile device.

http://www.securelist.com/en/b... [securelist.com]

Re:Where's the beef? (0)

Anonymous Coward | about 8 months ago | (#46214771)

Just wait until someone starts reporting about the malware that piggybacks this, exploiting vulnerabilities in the underlying methodology behind it. Perhaps this has not only been in use since 2007, but has had second-level hijackers since 2010, and has been protected by an as yet unnamed overlord of sorts. This is gonna get phun...

Flash (0)

Anonymous Coward | about 8 months ago | (#46213647)

When oh when will we finally be rid of that steaming pile of exploit-infested crap that is adobe flash?

spearphishing emails (0)

Anonymous Coward | about 8 months ago | (#46213801)

How does something like this go undetected in the wild? How hard is it for AV firms to click on an email link and check what comes down the line at them?

Re:spearphishing emails (1)

benjfowler (239527) | about 8 months ago | (#46213857)

Maybe antivirus firms in Western countries will turn a blind eye to military malware coming from Western governments.

OTOH, Eugene Kaspersky is Russian, and is politically connected to Vladimir Putin and his entourage, none of whom have a lot of time for NATO...

Re:spearphishing emails (0)

Anonymous Coward | about 8 months ago | (#46214783)

DING DING DING. *cough* collusion and secret backroom dealings you are not yet aware of *cough*

Re:spearphishing emails (1)

benjfowler (239527) | about 8 months ago | (#46216147)

Uuuugh. Looks like I've got myself a creepy internet stalker.

Sorry to disappoint you, pal. I'm straight.

Re:spearphishing emails (1)

RandomFactor (22447) | about 8 months ago | (#46215283)

Even the mass malware distributions take basic precautions these days like excluding VMs, all known AV Vendor IP ranges, and not being malicious while the email is in transit (a link may not begin serving malicious content until hours later, when targets are arriving at the office, and may stop again afterwards.). You can analyze those links all year long if you aren't the target.

ACTIVISTS ON THE LOOSE! (0)

Anonymous Coward | about 8 months ago | (#46214047)

"...activists had been loose on the Internet since at least 2007"

As heard on DiceDot

IF Only (0)

Anonymous Coward | about 8 months ago | (#46214303)

it could target the beat os Slashdot.

Surpasses nation-state code? (1)

Tony Isaac (1301187) | about 8 months ago | (#46215097)

After watching the healthcare.gov debacle, it would seem that surpassing nation-state-created software is a very low hurdle!

Re:Surpasses nation-state code? (1)

hink (89192) | about 8 months ago | (#46217423)

*rimshot*

From the makers of Stuxnet (0)

Anonymous Coward | about 8 months ago | (#46217593)

New from the makers of Stuxnet, "the Mask"

Interesting too that it was KaRusski that found it. Norton and McGaffee may be on the government dole for more than just the usual welfare.

Cuba ... (1)

devil6god7 (982064) | about 8 months ago | (#46219869)

I'm surprised no one has blamed Cuba yet!