The Washington Post

This malware is frighteningly sophisticated, and we don’t know who created it

Most of the early Internet malware were simple programs created by bored amateurs. But it's not 1999 anymore. As the Internet has grown more sophisticated, so has malware. A new report from Kaspersky labs dissects what could be the most sophisticated malware yet discovered in the wild.

The software, dubbed Careto, is a sophisticated suite of tools for compromising computers and collecting a wealth of information from them. Whoever is behind the malware sends out "spear phishing" e-mails, with addresses designed to be mistaken for the Web sites of mainstream newspapers, such as The Washington Post or the Guardian. If the user clicks on a link, it takes her to a Web site that scans her system for vulnerabilities and attempts to infect it. There are multiple versions of the malicious software designed to attack Windows, Mac OS X and Linux versions, and Kapersky believes there may be versions that attack iOS and Android.

Once Careto has compromised a system, it begins collecting sensitive information from it. The software can "intercept network traffic, keystrokes, Skype conversations, analyse WiFi traffic, PGP keys, fetch all information from Nokia devices, screen captures and monitor all file operations."

It can also capture any encryption keys found on the machine, which can help launch attacks against other machines. The software has a plug-in architecture, allowing the attacker to dynamically load new software to perform tasks such as monitoring keystrokes or capturing the victim's email.

Early malware spread uncontrolled from computer to computer. In contrast, Careto is highly targeted. Kaspersky was able to gather data about who was subject to attacks. Most of the attacks targeted government institutions, embassies, oil and gas companies, research organizations, private equity firms and activists.

Computers around the world were targeted, with no apparent pattern:

Careto victims' IP addresses by country. (Kaspersky Lab)

So who's behind the malware? It's likely that only national intelligence agencies have the resources to build software of this complexity and sophistication. Fragments of Spanish embedded in the software's files suggest that the culprit is a native Spanish speaker. But it's not clear which Spanish-speaking nation would build such a sophisticated intelligence operation. And the researchers note that the fragments of Spanish may be a "false flag" operation: The software's authors may have deliberately inserted Spanish slang into the software's source code to divert attention from the real authors.

Regardless, the emergence of the malware underscores that software-based espionage is an important new source of power. Last year, documents leaked by Edward Snowden revealed that the National Security Agency has a large "Tailored Access Operations" department dedicated to building offensive hacking capabilities. If the NSA didn't build Careto, it's a safe bet that they have something like it. And intelligence agencies in China, Russia and other great powers are likely working on software like it too.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments
Most Read



Success! Check your inbox for details.

See all newsletters

Your Three. Video curated for you.
Next Story
Brian Fung · February 10, 2014

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.