The Mask -- No, not the Movie

Posted: Mon Feb 10, 2014 9:14 pm
by rapier57
The Mask exploits vulnerabilities found in older Kaspersky versions and Flash:

https://threatpost.com/new-mask-apt-cam ... icated-yet

Users are targeted via spear-phishing and the Mask has a number of implants at its disposal to infect and compromise OSX, Windows, and Linux. There may be implants available for iOS and Android, also.

So, if you are still running Flash on your OS of choice, might be a good idea to just get rid of it. I have and do not miss it.

I also got rid of the Java Runtime, due to similar issues. Got tired of endlessly updating to fix vulnerabilities. Don't miss that, either.

If someone requires Flash or Java Runtime, boycott them or tell them to quit it.

Re: The Mask -- No, not the Movie

Posted: Mon Feb 10, 2014 9:25 pm
by DaFoxx
just for detail
what IS Flash for ?
and if it is so prevalent nowadays what is there to replace it ?

already dropped Adobe .pdf for Foxit reader

Re: The Mask -- No, not the Movie

Posted: Mon Feb 10, 2014 9:53 pm
by dinowuff
rapier57 wrote:So, if you are still running Flash on your OS of choice, might be a good idea to just get rid of it. I have and do not miss it.

I also got rid of the Java Runtime, due to similar issues. Got tired of endlessly updating to fix vulnerabilities. Don't miss that, either.

If someone requires Flash or Java Runtime, boycott them or tell them to quit it.
So you don't use Netflix, HULU, YouTube...???

Re: The Mask -- No, not the Movie

Posted: Tue Feb 11, 2014 1:38 am
by rapier57
Not on my lappy or desktop.

Although, YouTube does switch to HTML5 with some browsers.

Re: The Mask -- No, not the Movie

Posted: Tue Feb 11, 2014 2:07 pm
by DaFoxx
rapier57 wrote:Not on my lappy or desktop.

Although, YouTube does switch to HTML5 with some browsers.
actually been doing some reading and that is basically the driving force behind HTML5 to make the world adobe safe :mrgreen:

Re: The Mask -- No, not the Movie

Posted: Tue Feb 11, 2014 2:09 pm
by DaFoxx
further reading from ElReg
http://www.theregister.co.uk/2014/02/11 ... _campaign/
Security researchers have discovered a sophisticated string of cyberattacks from a group of Spanish-speaking miscreants who have been operating since at least 2007.

“The Mask” (aka Careto) is one of the most advanced campaigns to date due to the complexity of the toolset used by the attackers, according to Kaspersky Lab. This includes sophisticated malware, a rootkit, a bootkit, Mac OS X and Linux versions and possibly versions for Android and iOS.

The cyber-espionage programme’s primary targets are government institutions, diplomatic offices and embassies, energy, oil and gas companies, research organisations and activists.

Researchers at Kaspersky reckon The Mask is likely a nation-state sponsored campaign that's ahead of Duqu industrial malware in terms of sophistication.

The attackers try to extract sensitive data from infected systems. These include office documents, but also encryption keys, VPN configurations, SSH keys (serving as a means of identifying a user to an SSH server) and RDP files (used by Remote Desktop Client, a proprietary protocol from Microsoft).

Re: The Mask -- No, not the Movie

Posted: Tue Feb 11, 2014 5:29 pm
by Harry
I keep Flash and Java installed but disabled in the plugins bit of the browser - just enable them when you need them for specific sites you trust and then disable them again straight away.

We reckon there's probably 20 or 30 0-days in each of them that are un-patched and unpublished and used to compromise every man and his dog. It's funny how a free Flash / Java download can be used to bypass security set-ups worth millions..