Malware Tactics from the 80s

Thursday, June 12, 2014 @ 04:06 PM gHale

If it works, stick with it. That is exactly the approach taken by the Mask (also known as Careto) family of malware, which reuses tricks thought up by virus writers in the 80s and 90s, researchers said.

Mask’s use of old school methods became clear when researchers at security provider Context Information Security were doing forensics on the advanced malware, codenamed SGH.


Mask used an infection technique originally created to compromise early 16-bit systems.

“The Mask demonstrates that this simple technique can still be effective today. Old tricks are sometimes the best, it seems, as the method by which SGH achieves its bootkit functionality and infects the bootmgr binary is to employ this ‘old skool’ 16-bit infection strategy straight from the history books,” a Context blog post said.

Kaspersky Lab researchers uncovered the Mask campaign targeting government systems in February.

The malware allowed the attackers to intercept network traffic, keystrokes, Skype conversations, PGP keys, wireless traffic and file activity from a victim’s PC.

The nature of the malware led Kaspersky to list it as one of the most advanced cyber espionage campaigns ever seen.

Context said while it is likely the hackers behind Mask simply learned from their predecessors, it could also be a sign that some veteran cyber criminals have come out of retirement.

“Perhaps the very same talented virus writers, who back in the 80s and 90s pioneered this and other virus techniques, have now been recruited by the organization behind The Mask and are working to develop their cyber-weaponry arsenal. In which case the rest of the world beware,” read the post.
