

This Malware Is Frighteningly Sophisticated And We Don't Know Who Created It - interpares
http://www.washingtonpost.com/blogs/the-switch/wp/2014/02/10/this-malware-is-frighteningly-sophisticated-and-we-dont-know-who-created-it/

======
fauigerzigerk
_"It's likely that only national intelligence agencies have the resources to
build software of this complexity and sophistication."_

That's a notion that's coming up more often recently. I think there are good
reasons to suspect that governments are behind it, but complexity and
sophistication are not good enough reasons.

Yes, governments are large organizations that can throw a lot of resources at
a problem, but software isn't built like the pyramids of Giza where using more
slaves moves more stones in a given amount of time. A handful of competent
people can build very complex and sophisticated software.

~~~
area51org
Speaking of governments, why not large, rogue corporations, ones that are so
large that they operate as unelected governments, unaffiliated with any
particular country and above all law?

~~~
snitko
I'm amazed at how people are scared of corporations more than governments.
Corporations are kept in check because all the money they spend on things is
their own money. Now those could be evil things they spend their money on,
indeed. But they are limited in resources. They can't print new money or order
their customers to pay. Governments can do all of those things and they know
that whatever sick shit they do, people will be forced to pay anyway.

~~~
fauigerzigerk
I can tell you why people are scared of corporations. It's because they
transcend nation states and hence democracy. They can pick and choose from
different jurisdictions for different purposes. Pay taxes here, use good
infrastructure there, conform to environmental standards or labor laws in one
country whilst exploiting broken political funding rules in another one.

I can't say this is always bad. Sometimes it helps us avoid authoritarian
ideas that various governments subject us to. Sometimes it leads to cheaper
goods and services for all of us. But it is definitely scary how large
entities controlled by a small wealthy minority wield such disproportionate
power.

~~~
snitko
_> It's because they transcend nation states and hence democracy. They can
pick and choose from different jurisdictions for different purposes. Pay taxes
here, use good infrastructure there, conform to environmental standards or
labor laws in one country whilst exploiting broken political funding rules in
another one._

None of that I consider to be inherently bad. Democratic states do much worse
things, like mass murdering people in wars and imprisoning people for
victimless crimes - and all of that states do using money they confiscate from
their citizens. Call me when a corporation does anything close to such
atrocities.

~~~
fauigerzigerk
I merely explained why people are scared of corporations. I didn't say that
there isn't anything more scary. But if you think that wars haven't been
fought over corporate interests or that corporations, organized crime and
governments are always completely separate things, you are very mistaken.

------
gregholmberg
A careto is a costumed thief character from an ancient pagan ritual in
Portugal.

"Caretos are masked young men dressed in suits made of yellow, red, black,
blue and green fringe wool quilts, wearing brass, leather or wooden masks and
rattles in their belts. ... They appear in groups from every corner of the
village running and shouting excitedly, frightening the people and “robbing”
all the wineries." [0]

The trojan referred to in this story is known by another name. [1]

[0]
[https://en.wikipedia.org/wiki/Careto](https://en.wikipedia.org/wiki/Careto)

[1]
[https://en.wikipedia.org/wiki/The_Mask_(malware)](https://en.wikipedia.org/wiki/The_Mask_\(malware\))

------
yifanlu
Personally, I only think a malware is sophisticated based on how it infects
(like Stuxnet with 4 Windows zero-days, and Windows update hijacking with fake
code signing certificate). Spear phishing seems to be pretty boring. I think
Kaspersky is just embarrassed that the malware (they say unsuccessfully)
originally exploited Kaspersky AV. Also, anyone can write "complicated" C&C
software. There are a lot of bundles you can find online that do most of
what's listed.

~~~
SomeCallMeTim
Sometimes I read the comments before the article; seems like this time I saved
myself some time. Thanks. :)

~~~
plugger
Apparently the malware used three backdoors; given the reporting that it was
in the wild for 7 years, I can't help but think they were zero day exploits.

[http://www.wired.com/threatlevel/2014/02/mask/](http://www.wired.com/threatlevel/2014/02/mask/)

~~~
SomeCallMeTim
OK, that's real news, then.

------
wila
"We don't know who created it." Umm, yes, catchy headline, but internet criminals
usually don't have support help desks or leave contact details.

The Washington Post article reads as FUD written by somebody who has little or
no idea what he is writing about. As @yifanlu mentions, most of the scary
stuff mentioned is available as a premade kit for sale online.

