The Mask malware employs vintage virus techniques

12 June 2014
By Edd Gent
Mobile version
Share |
The Mask malware toolkit uses classic virus writing tricks from the 80s and 90s in its code

The Mask malware toolkit uses classic virus writing tricks from the 80s and 90s in its code

Malware dubbed one of the "most advanced global cyber-espionage operations to date” is using old-school virus techniques, according to new research.

A new family of malware dubbed ‘The Mask’ or ‘Careto’, the Spanish for Mask, was revealed in February by cyber-security company Kaspersky, who said the campaign appeared to be state sponsored and originated from the Spanish-speaking country.

But despite its complex nature, after acquiring samples of the malware, researchers at Context Information Security have uncovered classic techniques at the heart of its code commonly employed by virus writers in the 80s and 90s.

The virus uses a file-appending mechanism to infect the boot process of a system, which Context describes as a trick “straight from the history books”, allowing malicious code to run as soon as the operating system starts loading.

“While hidden in the complexity of the malware, Careto or The Mask use the well know technique of infecting the first executable that loads when Windows boots,” says Kevin O’Reilly, a senior researcher at Context.

“This discovery seems to suggest that old tricks are sometimes the best and also begs the question; is this a nod of respect to the virus writers who wreaked havoc in the 90s or have they come out of retirement to develop a new nation-state cyber-weaponry arsenal?”

The Mask is a wide-ranging malware toolset with a variety of capabilities, including intercepting network traffic from a victim’s PC, keystrokes, Skype conversations, PGP encrypion keys, wireless traffic and file activity.

It also has the capability to harvest a wide range of files from the infected system, including encryption and SSH keys, VPN and remote desktop configurations.

According to Kaspersky it had operated undetected since 2007 targeting government agencies, diplomatic embassies, energy companies, research institutions, private equity firms and activists in 31 countries and had infected more than 380 targets before it stopped operating.

“Now that it has been discovered, anti-virus vendors have added detection to their products so it is no longer a real risk,” says O’Reilly.

“The historical attack vector was targeted phishing emails or spear phishing with infected attachments, but is unlikely that this is still happening using this specific toolset. What is unclear is whether this is a one off or a trend to watch out for.”

Full details of the research are available on Context’s blog.

Latest Issue

E&T cover image 1607

"As the dust settles after the referendum result, we consider what happens next. We also look forward to an international summer of sport."

E&T jobs

  • Chair in Integrated Sensor Technology

    The University of Edinburgh
    • Edinburgh, City of Edinburgh

    The University of Edinburgh is one of the world’s top 20 institutions of higher education.....

    • Recruiter: The University of Edinburgh

    Apply for this job

  • Principal Electrical Engineer - Power

    BAE Systems
    • Bristol, England / Cumbria, Barrow-In-Furness, England
    • Negotiable

    Principal Electrical Engineer - Power Join our Electrical Power team and help design the self-contained generation and distribution system for the Successor submarine - a new generation of submarine designed to carry the UK's independent nuclear deterrent

    • Recruiter: BAE Systems

    Apply for this job

  • Operations Supervisor (Mechanical/Electrical/Instrumentation)

    National Grid
    • England, Cambridgeshire
    • £33000 - £39000 per annum

    Operations Supervisor - (Mechanical/Electrical/Instrumentation) Salary: Circa £33k - 39k dependant on experience + vehicle and great additional benefits (share scheme, pension, potential bonus).Location: Wisbech - Cambridgeshire We currently have an excit

    • Recruiter: National Grid

    Apply for this job

  • Lead NDT Trainer

    BAE Systems
    • England, Lancashire
    • Competitive package

    Would you like to be involved with training UK and international teams in Non Destructive Inspection (NDI) to support the in service fleet (Typhoon Tornado, and Hawk)?

    • Recruiter: BAE Systems

    Apply for this job

  • Systems Design - Emerging Portfolio

    • Bristol
    • Competitive Salary & Benefits

    What?s the opportunity?   There are fantastic opportunities in Systems Design for engineers to work within Future Systems. These are highly visible, fast paced roles, in...

    • Recruiter: MBDA

    Apply for this job

  • Metering Engineer

    Department for Business, Innovation and Skills
    • Teddington, United Kingdom
    • £24,109 - £27,961 plus EO Electronics PE of £8,090.00

    We are now looking for a Metering Engineer to deliver RD’s In-Service Testing (IST) scheme for gas and electricity meters.

    • Recruiter: Department for Business, Innovation and Skills

    Apply for this job

  • Head of Operational Estates

    Premium job

    The Shrewsbury and Telford Hospital NHS Trust
    • Shrewsbury, Shropshire
    • £46,625 to £57,640 per annum

    As an experienced Estates Manager, you will play a key role in helping to shape the future of the Estates service.

    • Recruiter: The Shrewsbury and Telford Hospital NHS Trust

    Apply for this job

  • Engineering Project Manager - Electrical & Automation

    • York, North Yorkshire
    • c£45,000 + Car Allowance + Bonus + Excellent Benefits

    Nestlé Product Technology Centre in York currently has an excellent opportunity for an Engineering Project Manager

    • Recruiter: Nestle

    Apply for this job

  • Assistant Professor (Tenure Track) of Smart Building Solutions

    Premium job

    ETH Zurich
    • Zurich, Canton of Zürich (CH)

    The successful candidate is expected to develop a strong and visible research programme in the area of control and diagnostics of building systems

    • Recruiter: ETH Zurich

    Apply for this job

  • Process Controls Leader

    Premium job

    Phillips 66
    • Humber Refinery, South Killingholme, North Lincolnshire DN40 3DW
    • £60k - 75k plus extensive Compensation and benefits package, dependent upon experience

    Experienced Process Control Leader providing leadership and technical support for Oil Refinery. Extensive Compensation and benefits package.

    • Recruiter: Phillips 66

    Apply for this job

More jobs ▶


Choose the way you would like to access the latest news and developments in your field.

Subscribe to E&T