A Mask virus has been uncovered after seven years of cyber spying directed at big internet targets such as oil and gas companies, activist groups, private equity firms, and even government databases. Although it is not yet known where the malicious code originated, the nature of the code itself and several Spanish-language keywords have led Kaspersky Lab to hypothesize that it was made professionally by a Spanish-speaking state, although they had no further information on which specific state could be responsible. A week after it was discovered, all Mask activity halted, and over 90 infected computer control firms hosting the Mask code were shut down. The sheer number of targets affected makes it difficult to track down whoever was responsible for the virus, or even to determine what the perpetrators were after.
Once Mask was discovered, infected IPs were found in 31 countries, including Morocco with 383 infections, the UK with 109, and the U.S. with 22. This species of malware is particularly dangerous because the infected IP addresses are capable of spreading the virus to any machine that connects to them without the user knowing, allowing it to spread faster and faster as more machines become affected. Once a machine is afflicted by the bug, the information stored on it can be accessed by those who created the malicious code, giving them access to anything the user does online. On top of this, several different versions of Mask were discovered, each tuned to the most popular Microsoft, Apple, and Linux operating systems, as well as Android and iOS phones.
The method of infection was discovered to be emails with links to sub-domains of legitimate newspapers. When the user clicked the link to read a news story, they were directed to a malicious page hosted by a legitimate business, making the fake pages extremely difficult to spot for both the user and any anti-virus software they may have been using. Now that the Mask virus has been uncovered after seven years of cyber spying, interest turns to who was able to create the most advanced cyber threat yet seen, and what they were planning to do with the information gleaned by their pet project.
The goal of malware is almost invariably to steal information from databases and users, such as login information, bank balances, and credit card data. Kaspersky only became aware of the Mask virus after its own system was infected, but they moved quickly to begin analyzing it and shutting it down. After some time spent with the virus, they now believe that whoever wrote it is in contact with zero-day agents on the electronic grey market, where vulnerabilities in commonly used software such as Adobe Flash and Microsoft Silverlight are sold to the highest bidder so that malware can gain easy access to computers. The market for zero-day vulnerabilities has been increasing in recent years, and with more and more machines coming online and more and more protocols working to keep things together, the number of openings for those wishing to infiltrate machines is on the rise. Experts at Kaspersky and Symantec warn users to keep virus definitions up to date, watch their browsing habits carefully, and scan frequently for infections. That the Mask virus was only uncovered after seven years of cyber spying, with no previous documentation, leads many to worry about what other threats are not yet known.
By Daniel O’Brien