Can you please tell me more about The Mask -- which some are touting as the "most advanced malware around"? How...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
much of a threat is it to the average enterprise and what defenses will work against it?
The Mask (aka Careto) may currently be the most advanced publicly known malware, but it will undoubtedly be surpassed by malware that comes out in the future. However, The Mask can be credited with successfully incorporating multiple cutting-edge attack techniques. The Mask also appears to use some general good-programming practices; for example, it incorporates modular development into the design and allows for modules to be updated or new modules to be deployed after it has infiltrated a system. This can help hide the malware. Once malware developers know certain components are being detected by antimalware tools, they can deploy an updated module to replace the detected one. The Mask also can disable antimalware tools in victims' systems by preventing the antimalware tool from scanning the malicious file or by disabling the tools outright from running on the system.
The good thing for most enterprises is that The Mask is a targeted attack and appears to have had fewer than 400 victims and to have infected in the range of 1,000 IPs. While the names of the victims have not been released, their country and industry sectors have been. The Mask is also targeting systems with older antimalware software, so running current versions of antimalware tools on endpoints may potentially block and prevent the attack.
One study on The Mask includes indicators of compromise including specific IP addresses, Domain Name System names and file names that could be used to detect whether your system is infected by the malware. It looks as if The Mask is trying to collect sensitive data by seeking file types on endpoints, so monitoring your local system with a file integrity monitor for a high amount of suspicious file-system activity could also produce something to investigate.
Ask the Expert!
Want to ask Nick Lewis a question about enterprise threats? Submit your question now via email! (All questions are anonymous.)
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
Latentbot malware has layers of obfuscation that makes it hard to detect. Expert Nick Lewis explains how its process works, beginning with a phishing...continue reading
A hard to detect type of Linux malware, Rekoobe, can download files to user systems. Expert Nick Lewis explains the malware's key functionality and ...continue reading
Pro POS, a new type of POS malware, has simple operations and is easy to obtain. How was it so successful against businesses? Expert Nick Lewis ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.