This malware is frighteningly sophisticated, and we don’t know who created it


BY TIMOTHY B. LEE

February 10 at 5:40 pm

Most early Internet malware consisted of simple programs created by bored amateurs. But it’s not 1999 anymore. As the Internet has grown more sophisticated, so has malware. A new report from Kaspersky Lab dissects what could be the most sophisticated malware yet discovered in the wild.

The software, dubbed Careto, is a sophisticated suite of tools for compromising computers and collecting a wealth of information from them. Whoever is behind the malware sends out “spear phishing” e-mails containing links whose addresses are designed to be mistaken for the Web sites of mainstream newspapers, such as The Washington Post or the Guardian. If the user clicks on a link, it takes her to a Web site that scans her system for vulnerabilities and attempts to infect it. There are versions of the malicious software designed to attack Windows, Mac OS X and Linux, and Kaspersky believes there may be versions that attack iOS and Android.
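The lookalike-address lure described above is the step a mail gateway or analyst can check for mechanically. The following is an added example, not code from the article or from Kaspersky’s report: it scans an e-mail body for links and flags two patterns the paragraph describes, a trusted newspaper name embedded as a subdomain of an unrelated domain, and a registered domain within a small edit distance of a trusted one (after folding common digit-for-letter substitutions). The allow-list, the sample e-mail and the `.example` hosts are constructed for illustration, and the registrable-domain helper is deliberately simplified (it takes the last two labels and ignores suffixes such as `co.uk`).

```python
import re
from urllib.parse import urlparse

# Constructed allow-list of the newspaper domains the article says Careto's
# phishing addresses imitated. A real deployment would load its own list.
TRUSTED_DOMAINS = ("washingtonpost.com", "theguardian.com")

# Digits commonly swapped for look-alike letters; folded before comparison.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert/delete/substitute, cost 1 each)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of a host name. Simplified assumption: ignores multi-label
    public suffixes such as co.uk, which a real tool would resolve with a suffix list."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(url: str, trusted=TRUSTED_DOMAINS, max_edits: int = 2):
    """Return (verdict, matched_trusted_domain) for one link found in an e-mail."""
    host = (urlparse(url).hostname or "").lower()
    if not host:
        return ("unparseable", None)
    reg = registrable_domain(host)
    if reg in trusted:
        return ("trusted", reg)
    # Trusted name appearing as a subdomain of an unrelated registered domain,
    # e.g. washingtonpost.com.<attacker-domain>.
    dotted_host = "." + host + "."
    for t in trusted:
        if "." + t + "." in dotted_host:
            return ("embedded-trusted-name", t)
    # Second-level label within a few edits of a trusted one (after homoglyph folding).
    sld = reg.split(".")[0].translate(HOMOGLYPHS)
    for t in trusted:
        if levenshtein(sld, t.split(".")[0]) <= max_edits:
            return ("typosquat", t)
    return ("unknown", None)


URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def scan_message(text: str):
    """Classify every http(s) link in an e-mail body; returns [(url, verdict, match), ...]."""
    return [(u, *classify_link(u)) for u in URL_RE.findall(text)]


# Constructed sample e-mail body; none of these links come from the report.
SAMPLE_EMAIL = (
    "Breaking news you may have missed:\n"
    "https://www.washingtonpost.com/world/2014/02/10/story.html\n"
    "Also see http://washingtonpost.com.news-update.example/story/ and\n"
    "http://wasingtonpost.com/politics plus http://theguard1an.com/uk\n"
    "Unsubscribe: https://example.org/unsubscribe\n"
)

if __name__ == "__main__":
    for url, verdict, match in scan_message(SAMPLE_EMAIL):
        print(f"{verdict:22} {match or '-':20} {url}")
```

Of the five constructed links, only the first is classified as trusted; the second is flagged because the trusted name is merely a subdomain, and the third and fourth because their registered domains are one edit away from a trusted one. Such a scanner is a triage aid rather than a verdict: it should feed a quarantine or analyst queue, and the allow-list needs the organisation’s own set of frequently imitated brands.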

Once Careto has compromised a system, it begins collecting sensitive information from it. The software can “intercept network traffic, keystrokes, Skype conversations, analyse WiFi traffic, PGP keys, fetch all information from Nokia devices, screen captures and monitor all file operations.”

It can also capture any encryption keys found on the machine, which can help launch attacks against other machines. The software has a plug-in architecture, allowing the attacker to dynamically load new software to perform tasks such as monitoring keystrokes or capturing the victim’s email.


Early malware spread uncontrolled from computer to computer. In contrast, Careto is highly targeted. Kaspersky was able to gather data about who was subject to attacks. Most of the attacks targeted government institutions, embassies, oil and gas companies, research organizations, private equity firms and activists.

Computers around the world were targeted, with no apparent pattern:

[Figure: Careto victims’ IP addresses by country. (Kaspersky Lab)]

So who’s behind the malware? It’s likely that only national intelligence agencies have the resources to build software of this complexity and sophistication. Fragments of Spanish embedded in the software’s files suggest that the culprit is a native Spanish speaker. But it’s not clear which Spanish-speaking nation would build such a sophisticated intelligence operation. And the researchers note that the fragments of Spanish may be a “false flag” operation: The software’s authors may have deliberately inserted Spanish slang into the software’s source code to divert attention from the real authors.

Regardless, the emergence of the malware underscores that software-based espionage is an important new source of power. Last year, documents leaked by Edward Snowden revealed that the National Security Agency has a large “Tailored Access Operations” department dedicated to building offensive hacking capabilities. If the NSA didn’t build Careto, it’s a safe bet that it has something like it. And intelligence agencies in China, Russia and other great powers are likely working on software like it too.
