"Careto" is the name of "a sophisticated suite of tools for compromising computers and collecting a wealth of information from them,"
reports The Washington Post.
Here's how it works.
It sends out emails designed to look as though they were sent legitimately from news sources like The
Guardian and others. A population of people end up clicking on a link that takes them to a shady site that scans their computer for vulnerabilities. It works against Windows, OS X and Linux systems, and there may be iOS and Android versions on the way.
Once infected, a computer surrenders pretty much any info the malware wants. It can collect "network traffic, keystrokes, Skype conversations, analyze Wi-Fi traffic, PGP keys, fetch all information from Nokia devices, screen captures and monitor all file operations."And lest you need a reminder, no one knows where it came from.
If you want to dig into the nitty-gritty of it all,
Kaspersky Labs released this extensive report on Careto that gets into a lot of the scarier technical details.
New? What EXACTLY is new about these facts:
1. "compromising computers and collecting a wealth about them" - typical trojan
2. "It sends out emails designed to look as though they were sent legitimately from [source]" - typical phishing attack/scam witjh a payload that in general creates a session with the machine to be exploited and then post-exploits them
3. "It works against Windows, OS X and Linux systems, and there may be iOS and Android" vulnerabilities, shellcode, 0day, buffer overflow have been found on all these, there are thousands of these exploits, searchable under the open-source software on Linux called searchsploit
4. "Once infected, a computer surrenders pretty much any info the malware wants. It can collect "network traffic, keystrokes, Skype conversations, analyze Wi-Fi traffic, PGP keys, fetch all information from Nokia devices, screen captures and monitor all file operations." OH WOW. Again, Metasploit 101, Metasploit being a penetration testing framework. What you can do in the post-exploit part is scary indeed, though. You can spy on someone from his webcam and listen to him/her from their integrated microphone for example.
All of this is not news. It is something of an issue to most computer users and has been warned about for ages, but is still going on..... Indeed, the NSA types, I suppose, do work with the professional versions of the mentioned tools or pay some company to develop some tools for mass spying.