Thursday, March 5, 2015

After “Babar”, the spy program “Casper” is discovered – Screens

A new, sophisticated piece of spyware has been discovered: Casper, the nickname given to it by its creators. With these latest finds, a genealogy of the virus is being reconstructed. The oldest member, Evil Bunny, was dissected last month, and its kinship with Babar, another program, then became apparent. Today, the company Eset says Casper belongs to the same family. Joan Calvet, the report’s author, attributes it with “a high level of confidence” to the same developers as Babar, according to the report, which Libération was able to consult before publication.

But Babar has a pedigree as famous as it is mysterious. Canadian intelligence services, quoted in a document provided by Edward Snowden, consider, with “moderate certainty”, that it is the work of the French secret service. Le Monde, which revealed the document, noted that such a statement was itself “quite rare in a world where there is no absolute certainty in the attribution of IT attacks”.

“A mature version of Babar”

“No sign points to anyone,” Joan Calvet, who analyzed Casper, tells Libération. The researcher is careful neither to confirm nor to refute the hypothesis put forward by Canadian intelligence services. The Directorate-General for External Security (DGSE), contacted by Libération, does not comment on its real or supposed activities. “Everything is neutral, very well done, in English, as if Casper were a mature version of Babar [designed in 2009, editor’s note], whose errors have been corrected.” A body of evidence makes the French lead credible.

First, the similarities with Babar. “Several very specific parts of Casper’s code are also found in Babar and Bunny [another program from the same family, recently identified],” says Joan Calvet. All three also bear cartoon names given by their designers …

Then there is the target of the virus: Syria. Casper was installed in April on a site linked to the Syrian government. The researcher points out that its creators had “a likely interest in geopolitics”. Finally, the technical characteristics of the virus and its highly advanced development suggest that “Casper operators belong to a powerful organization, able to conduct high-level operations”.

To remain silent rather than be found

What is Casper? It is literally a ghost of a spy program: it harvests information on its targets as discreetly as possible, without ever revealing its presence, and sends back a report. Like a good spy, it adapts to its environment and would rather keep quiet, and not go after information, than be discovered, even if that means self-destructing when necessary.

Transposed to a computer environment, this means that Casper detects the antivirus on infected machines and does or does not swing into action based on what it finds. Even better, to perform certain “noisy” actions, such as reading a file on the machine, Casper chooses a different method depending on which antivirus is running on the computer, explains Joan Calvet.

To gain access to computers, Casper uses two then-unknown flaws in Flash, known as “zero days”. Its job is thus, in a way, to open the doors of the targeted computers and then, in a second step, to collect information. As for what is done with that information, Eset has no idea as yet. Other, unidentified programs take over. This compartmentalization (opening, intelligence, operations) again underlines the skill of its designers.



Muddying the trail

The main unknown concerns the real targets. The researcher questions the value of booby-trapping such a site (jpic.gov.sy), which is intended for submitting complaints to the Syrian authorities. The researcher considers it implausible that the attackers specifically targeted the users of this site. Perhaps it was a choice of opportunity, Joan Calvet supposes. A recent hack of the site showed that its security was deficient. The website is hosted in Syria, which keeps it accessible even if the Internet connection to the rest of the world is cut. Not to mention the muddying of the trail: with the virus installed on a Syrian government site, eyes turn first to the regime of Bashar al-Assad, which is accustomed to cyber attacks against its opponents.

As a hypothesis, Joan Calvet deduces that the victims may have been redirected to the infected site from another source, such as a malicious link in an email. All the targeted victims were in Syria, says the researcher. Its designers, probably not.
