The Mask malware employs vintage virus techniques

12 June 2014
By Edd Gent
The Mask malware toolkit uses classic virus writing tricks from the 80s and 90s in its code

Malware dubbed one of the “most advanced global cyber-espionage operations to date” is using old-school virus techniques, according to new research.

A new family of malware dubbed ‘The Mask’ or ‘Careto’, the Spanish for Mask, was revealed in February by cyber-security company Kaspersky, which said the campaign appeared to be state-sponsored and to have originated from a Spanish-speaking country.

But despite its complex nature, after acquiring samples of the malware, researchers at Context Information Security have uncovered classic techniques at the heart of its code commonly employed by virus writers in the 80s and 90s.

The virus uses a file-appending mechanism to infect the boot process of a system, which Context describes as a trick “straight from the history books”, allowing malicious code to run as soon as the operating system starts loading.

“While hidden in the complexity of the malware, Careto or The Mask uses the well-known technique of infecting the first executable that loads when Windows boots,” says Kevin O’Reilly, a senior researcher at Context.

“This discovery seems to suggest that old tricks are sometimes the best and also begs the question; is this a nod of respect to the virus writers who wreaked havoc in the 90s or have they come out of retirement to develop a new nation-state cyber-weaponry arsenal?”

The Mask is a wide-ranging malware toolset with a variety of capabilities, including intercepting network traffic from a victim’s PC, keystrokes, Skype conversations, PGP encryption keys, wireless traffic and file activity.

It also has the capability to harvest a wide range of files from the infected system, including encryption and SSH keys, VPN and remote desktop configurations.

According to Kaspersky it had operated undetected since 2007 targeting government agencies, diplomatic embassies, energy companies, research institutions, private equity firms and activists in 31 countries and had infected more than 380 targets before it stopped operating.

“Now that it has been discovered, anti-virus vendors have added detection to their products so it is no longer a real risk,” says O’Reilly.

“The historical attack vector was targeted phishing emails or spear phishing with infected attachments, but it is unlikely that this is still happening using this specific toolset. What is unclear is whether this is a one-off or a trend to watch out for.”

Full details of the research are available on Context’s blog.
