malware so stealthy it remained hidden for six years despite infecting at least 100 computers worldwide.
100 of the right computers infected, brilliant and stays hidden longer. Or did Kaspersky write it and is trying to get good PR?
Something's left out here. Winbox is a user interface to MikroTik routers. It has no scripting capabilities built in. So using that to infect a system would require user intervention with no ability to automate the infection. No wonder it's only 100 systems.
Debug messages written in perfect English suggest that the developers spoke that language.
100 of the right computers infected, brilliant and stays hidden longer. Or did Kaspersky write it and is trying to get good PR?
Well let’s remember that ‘at least’ and ‘approximately’ and ‘exactly’ all mean quite different things. At least 100 means >100 which doesn’t have an upper limit.
Not that something like this is good, but this is truly a fascinating piece of software. Obviously, the programmer(s) are very talented. It's a shame that they turned to the dark side.
"The malware is highly advanced, solving all sort of problems from a technical perspective and often in a very elegant way, combining older and newer components in a thoroughly thought-through, long-term operation, something to expect from a top-notch well-resourced actor."
The name Cahnadr clearly indicates it's Canadian. Durr.
Debug messages written in perfect English suggest that the developers spoke that language.
I guess this is something that happens with modern development environments, but it still seems odd to include debug messages (in any language) in malware.
If I were the CIA, and I wanted to implicate the Russians in the development of malware, I'd definitely have someone go through all the plain language and make sure it was fluent Ukrainian or whatever language I believed that the media would believe that the Russians would use to try to make it look like they didn't write the malware.
Not that something like this is good, but this is truly a fascinating piece of software. Obviously, the programmer(s) are very talented. It's a shame that they turned to the dark side.
"The Dark side" is always relative...
"Perfect English", "Nation State", "Middle East and Africa"...
Things that make you go "Hmmm"...
Yeah, the "perfect English" bit suggests to me that it's less likely they are native speakers. People who grow up natively in a language rarely approach perfection in use.
I do not know if I am the only one, but with all the news about unsecure/unmaintained and infected routers, I am now looking at that piece of kit differently.
Used to be you update it, you set it up, and then you can forget about it unless it breaks down...
Remember when people started doubting Antivirus Companies, thinking they could just use the one Windows came up with, and everything would be fine?
Now I see the need for a new kind of equipment. If you could sell me a box I could plug in, only for security, that could monitor everything to see if I was infected in any way, I would pay good money for it.
Exceptionally broad-ranging data collection capabilities paired with elegantly structured stealth architecture = "One-stop shopping for all your data collection needs!"
Not that something like this is good, but this is truly a fascinating piece of software. Obviously, the programmer(s) are very talented. It's a shame that they turned to the dark side.
"The Dark side" is always relative...
"Perfect English", "Nation State", "Middle East and Africa"...
Things that make you go "Hmmm"...
Now I see the need for a new kind of equipment. If you could sell me a box I could plug in, only for security, that could monitor everything to see if I was infected in any way, I would pay good money for it.
This is the same Kaspersky that was exposed as an agent of the Russian government and hacked NSA computers, right? Awfully cute of them to be announcing a malware discovery as though they have any credibility anymore.
Now I see the need for a new kind of equipment. If you could sell me a box I could plug in, only for security, that could monitor everything to see if I was infected in any way, I would pay good money for it.
Do you know what an IDS is?
I did not know that MikroTik was a Latvian manufacturer... I thought it was made in the USA. (or assembled)
I thought MikroTik products were similar to ubnt.com or ubiquiti products that are US designed and/or assembled...
Now I see the need for a new kind of equipment. If you could sell me a box I could plug in, only for security, that could monitor everything to see if I was infected in any way, I would pay good money for it.
Do you know what an IDS is?
Yes, they are hardly on sale in your local supermarket, are they?
I think the first company who will package it in an easy to use appliance will sell millions.
This is the same Kaspersky that was exposed as an agent of the Russian government and hacked NSA computers, right? Awfully cute of them to be announcing a malware discovery as though they have any credibility anymore.
Remember when your computer used to be stable, before you installed a live monitoring antivirus and it put low level hooks into everything? Remember when you used to be able to copy a directory without the AV pegging your CPU for minutes on end?
Remember when people started doubting Antivirus Companies, thinking they could just use the one Windows came up with, and everything would be fine?
The name Cahnadr clearly indicates it's Canadian. Durr.
Debug messages written in perfect English suggest that the developers spoke that language.
I guess this is something that happens with modern development environments, but it still seems odd to include debug messages (in any language) in malware.
Remember when your computer used to be stable, before you installed a live monitoring antivirus and it put low level hooks into everything? Remember when you used to be able to copy a directory without the AV pegging your CPU for minutes on end?
Remember when people started doubting Antivirus Companies, thinking they could just use the one Windows came up with, and everything would be fine?
Truly you have a dizzying intellect.
Okay. Say I'm the CIA. I want to manipulate the western media into blaming Russia for some malware. This isn't very hard, because the CIA basically owns the American media, but they can't be too obvious about it, so they can't just write malware that contains perfect Russian.
...fluent Ukrainian or whatever language I believed that the media would believe that the Russians would use to try to make it look like they didn't write the malware.
Ugh, you're all over the place with that (thus supporting my point)
Could you maybe rephrase a bit? I'm honestly having a little trouble parsing it correctly.
So, instead, they pretend that they're Russia pretending to be North Korean hackers. They leave such obvious NK traces that it seems obviously forced, and then drop a few subtle hints that would implicate Russia if you knew what you were looking at.
The media rapidly forms an "organic" consensus on the matter. Security researchers who doubt the official narrative know that if they try to speak up, they'll be branded as contrarians at best or conspiracy theorists at worst. Besides, they know all this nation-level stuff is kabuki anyway. It doesn't matter nearly as much as the media makes everyone think.
Et voilà, Russia hacked the Olympics.
A week later, everyone has completely forgotten about it (except sulking security researchers), but the general sense that "Russia is bad" has still been ratcheted up a notch, and another successful CIA psyop against America and the west has been successfully executed.
To be clear, I'm not taking Russia's side in any of this. Putin can be what he is, and Russia can be what it is, and that still doesn't change the nature of "American" intelligence agencies.