The Mask malware employs vintage virus techniques

12 June 2014
By Edd Gent
Mobile version
Share |
The Mask malware toolkit uses classic virus writing tricks from the 80s and 90s in its code

The Mask malware toolkit uses classic virus writing tricks from the 80s and 90s in its code

Malware dubbed one of the "most advanced global cyber-espionage operations to date” is using old-school virus techniques, according to new research.

A new family of malware dubbed ‘The Mask’ or ‘Careto’, the Spanish for Mask, was revealed in February by cyber-security company Kaspersky, who said the campaign appeared to be state sponsored and originated from the Spanish-speaking country.

But despite its complex nature, after acquiring samples of the malware, researchers at Context Information Security have uncovered classic techniques at the heart of its code commonly employed by virus writers in the 80s and 90s.

The virus uses a file-appending mechanism to infect the boot process of a system, which Context describes as a trick “straight from the history books”, allowing malicious code to run as soon as the operating system starts loading.

“While hidden in the complexity of the malware, Careto or The Mask use the well know technique of infecting the first executable that loads when Windows boots,” says Kevin O’Reilly, a senior researcher at Context.

“This discovery seems to suggest that old tricks are sometimes the best and also begs the question; is this a nod of respect to the virus writers who wreaked havoc in the 90s or have they come out of retirement to develop a new nation-state cyber-weaponry arsenal?”

The Mask is a wide-ranging malware toolset with a variety of capabilities, including intercepting network traffic from a victim’s PC, keystrokes, Skype conversations, PGP encrypion keys, wireless traffic and file activity.

It also has the capability to harvest a wide range of files from the infected system, including encryption and SSH keys, VPN and remote desktop configurations.

According to Kaspersky it had operated undetected since 2007 targeting government agencies, diplomatic embassies, energy companies, research institutions, private equity firms and activists in 31 countries and had infected more than 380 targets before it stopped operating.

“Now that it has been discovered, anti-virus vendors have added detection to their products so it is no longer a real risk,” says O’Reilly.

“The historical attack vector was targeted phishing emails or spear phishing with infected attachments, but is unlikely that this is still happening using this specific toolset. What is unclear is whether this is a one off or a trend to watch out for.”

Full details of the research are available on Context’s blog.

Latest Issue

E&T cover image 1605

"We visit Barcelona, one of the smartest cities in the world, to find out what makes it so special. What does it look like and what is the future?"

E&T jobs

  • Senior Development Engineer, Electronics

    Premium job

    Helmet Integrated Systems / Gentex Corporation
    • Letchworth Garden City, Hertfordshire
    • Competitive

    We are an innovative, robust and fast growing business, whose main focus is to deliver continues improvement to existing products and offer new sol..

    • Recruiter: Helmet Integrated Systems / Gentex Corporation

    Apply for this job

  • Smart Grid Research Engineer

    Premium job

    University of Strathclyde
    • Cumbernauld, Glasgow
    • Grade: 6/7* £26,537 - £37,768*

    Work as part of a growing dynamic team on a wide range of technical projects with particular emphasis on experimental validation and testing

    • Recruiter: University of Strathclyde

    Apply for this job

  • Electrical Asset Specialist

    Affinity Water
    • Hatfield, Hertfordshire

    Responsible for updating and writing electrical engineering standards, approved codes of practice and safe systems of work

    • Recruiter: Affinity Water

    Apply for this job

  • Senior Electronics Engineer

    York Instruments
    • York, North Yorkshire

    Senior electronics engineer to work as part of a team developing an MEG imaging system; working with the engineering team and external contractors.

    • Recruiter: York Instruments

    Apply for this job

  • Manufacturing Engineer - Circuit Card Assembly

    • Lostock Junction
    • Competitive Salary & Benefits

    What’s the opportunity?   Manufacturing UK is an integral part of the Operations Directorate whose principal mission is to ensure that MBDA’s deliverable commitments are met...

    • Recruiter: MBDA

    Apply for this job

  • High Voltage Engineer

    Premium job

    Essex X-Ray & Medical Equipment
    • Great Dunmow, Essex

    This High Voltage Engineer will provide design leadership for high voltage cable assemblies up to one megavolt.

    • Recruiter: Essex X-Ray & Medical Equipment

    Apply for this job

  • Team Leader - Flank Arrays

    BAE Systems
    • Barrow-In-Furness, Cumbria, England
    • Negotiable

    Team Leader - Flank Arrays Would you like to work in a unique role within the construction of the Astute Class submarines? We currently have a vacancy for a Team Leader - Flank Arrays at our site in Barrow-in-Furness. As a Team Leader - Flank Arrays, you

    • Recruiter: BAE Systems

    Apply for this job

  • Electronics and Software Engineer

    Copley Scientific Ltd
    • Nottingham
    • circa £35,000 per annum + bonus

    Develop new test equipment for the pharmaceutical industry. Good opportunities to grow and develop. Successful family-owned and managed business.

    • Recruiter: Copley Scientific Ltd

    Apply for this job

  • Bridge Test Facility Manager

    BAE Systems
    • Shropshire, Telford, England
    • Negotiable

    Bridge Test Facility ManagerWe currently have a vacancy for a Bridge Test Facility Manager at our site in Telford with our Land UK business.As the Bridge Test Facility Manager, you will be part of our Test & Trials team, working closely with the Mili

    • Recruiter: BAE Systems

    Apply for this job

  • Intelligent Transport Systems Engineer - Highways Technology

    Premium job

    Mott MacDonald
    • Birmingham, West Midlands

    Our transport technology team in Birmingham is currently growing a highly skilled and customer-focused team to...

    • Recruiter: Mott MacDonald

    Apply for this job

More jobs ▶


Choose the way you would like to access the latest news and developments in your field.

Subscribe to E&T