Ake Tyler – STIC - FedEx Services
In March 2014, the French newspaper Le Monde revealed that France is suspected by the Communications Security Establishment Canada (CSEC) of having developed and deployed malicious software for espionage purposes.
What is Casper?
• Casper is a surveillance implant used as the initial, first-stage program: it profiles a victim's machine and reports back before any further tooling is sent.
• Casper was hosted in a folder on a website, and users who browsed to that folder were infected with the surveillance malware.
CyberSecurity 2014
How Casper works
• Casper is a first-stage implant delivered to the desired target.
• The malware was hosted in a folder on the website's server, and users who accessed that folder were infected.
• After collecting information about the victim's machine, the attackers could determine whether the victim was interesting and worth further intrusion; only selected victims receive additional tools.
Babar malware
• A few months ago, security researchers detected a new French malware named Babar.
• According to the CSEC documents, Babar was used by the General Directorate for External Security (DGSE) for surveillance and cyber-espionage operations.
• Casper was discovered by malware researchers at ESET, who linked it to Babar and, through Babar, to the French General Directorate for External Security.
Babar and Casper have the same root
• Malware specialists have found several similarities between Casper and Babar.
• The experts maintain that Casper was "likely" developed by the same group behind Babar; Babar itself had been tied to France by the CSEC documents leaked by Edward Snowden.
• They refer to the hacking group as "Animal Farm" because of each malware's animal-like, cartoon-inspired name.
Similarities between the malware families
• Proxy bypass code.
• Enumeration of installed anti-virus solutions through WMI.
• Embedded, encrypted configuration in XML format.
• Partial API name hashing (only some API calls are resolved by hash); Casper shares the hashing algorithm with NBOT and Bunny.
• Payload deployment by remote thread injection, with the payload mapped into the target process through section objects.
• Unhandled exception filters that call ExitProcess when an exception occurs, so that a crash ends the process quietly instead of surfacing an error dialog or a crash dump.
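The embedded encrypted XML configuration is the similarity an analyst can act on most directly: once the configuration is out, it yields the C2 addresses and the implant's behaviour settings. The Python script below is added here as an illustration (it is not code from ESET, G DATA or this presentation). It shows the general approach of using the XML declaration as known plaintext to recover a short repeating key and then parsing the result. The cipher (repeating-key XOR), the 5-byte key, the sample blob and the `<config>` schema with `c2`, `sleep` and `av_check` elements are all constructed assumptions for the demo; Casper's real scheme is not described on this page.

```python
"""Locate and decrypt an embedded XML configuration in a malware sample.

Added example for this page, not code from ESET, G DATA or the presentation.
The Animal Farm samples embed their configuration encrypted and in XML; the
cipher, key and field names below are ASSUMPTIONS made so the demo runs
(repeating-key XOR, a 5-byte key, a made-up <config> schema). The technique
is the general one: use the XML declaration as known plaintext to recover a
short repeating key, then parse what comes out.
"""
import re
import xml.etree.ElementTree as ET

XML_DECL = b'<?xml version="1.0"'   # known plaintext every XML config starts with
MAX_KEY_LEN = 8

def xor_bytes(data, key, phase=0):
    """Repeating-key XOR; `phase` is the key offset that applies to data[0]."""
    return bytes(b ^ key[(i + phase) % len(key)] for i, b in enumerate(data))

def recover_key(cipher, known=XML_DECL, max_key_len=MAX_KEY_LEN):
    """Derive a repeating XOR key of length 1..max_key_len from the first
    bytes of `cipher`, assuming it starts with `known`. A candidate length is
    accepted only if the derived key also reproduces the rest of the known
    plaintext, which rejects lengths that merely fit the first few bytes."""
    if len(cipher) < len(known):
        return None
    for key_len in range(1, max_key_len + 1):
        key = bytes(cipher[i] ^ known[i] for i in range(key_len))
        if xor_bytes(cipher[:len(known)], key) == known:
            return key
    return None

def find_xml_config(blob, max_key_len=MAX_KEY_LEN):
    """Scan `blob` for an XOR-encrypted XML document. Returns
    (offset, key, plaintext_bytes) or None. The root element's closing tag
    marks the end of the config; bytes after it are not part of the result."""
    for offset in range(len(blob) - len(XML_DECL) + 1):
        key = recover_key(blob[offset:], max_key_len=max_key_len)
        if key is None:
            continue
        plain = xor_bytes(blob[offset:], key)
        root = re.search(rb"\?>\s*<([A-Za-z_][\w.-]*)", plain)
        if not root:
            continue
        end_tag = b"</" + root.group(1) + b">"
        end = plain.find(end_tag)
        if end == -1:
            continue
        return offset, key, plain[:end + len(end_tag)]
    return None

def parse_config(xml_bytes):
    """Pull the fields an analyst wants first out of the decrypted XML.
    The element names belong to the constructed schema (assumption)."""
    root = ET.fromstring(xml_bytes)
    return {
        "c2_urls": [c2.get("url") for c2 in root.findall("c2")],
        "sleep_seconds": int(root.findtext("sleep", default="0")),
        "av_check": root.findtext("av_check") == "1",
    }

# --- constructed sample: junk + encrypted config + junk (assumptions) -------
SAMPLE_KEY = b"\x5a\x13\xc4\x77\x9e"          # assumed 5-byte key
SAMPLE_CONFIG = (b'<?xml version="1.0"?>'
                 b'<config><c2 url="http://198.51.100.23/upload.php"/>'
                 b'<c2 url="http://203.0.113.9/upload.php"/>'
                 b'<sleep>300</sleep><av_check>1</av_check></config>')
SAMPLE_BLOB = (b"MZ\x90\x00" + bytes(range(64)) +
               xor_bytes(SAMPLE_CONFIG, SAMPLE_KEY) +
               bytes(range(255, 191, -1)))

if __name__ == "__main__":
    offset, key, xml_bytes = find_xml_config(SAMPLE_BLOB)
    print(f"config at 0x{offset:x}, key {key.hex()}")
    print(parse_config(xml_bytes))
```

Against a real sample the known-plaintext step is the part to keep; replace `xor_bytes` with whatever cipher the binary actually implements (the page does not say which), and feed the decrypted region to an XML parser only after checking that it really ends with the root close tag, since a wrong key length produces plausible-looking but truncated output.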
How does Casper relate to the other cartoons?
• Casper hides its calls to API functions (the partial name hashing shared with NBOT and Bunny).
• Casper fetches information about the anti-virus products running on the machine.
• Casper generates delimiters for its HTTP
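Partial API name hashing (the similarity listed earlier and the way Casper "hides its calls to API functions") is handled on the analysis side by hashing every candidate export name with the sample's own algorithm and matching the results against constants found in the binary. The Python below is an added example, not the presentation's or ESET's code: the ROR-13 routine in `api_hash()` is an assumed stand-in (the common shellcode scheme), not the algorithm Casper, Bunny and NBOT share, and the export list and byte blob are constructed.

```python
"""Resolve hashed Windows API names, as an analyst does when a sample
(like Casper, Bunny or NBOT) replaces import strings with numeric hashes.

Illustrative example added to this page; not code from ESET, the Animal Farm
samples or the presentation. The ROR-13 hash below is a stand-in chosen
because it is the most common scheme in shellcode; it is an ASSUMPTION and
not Casper's actual algorithm. To use this against a real sample, replace
api_hash() with the routine recovered from the binary.
"""
import struct

# Constructed export-name list. In practice, dump the export tables of
# kernel32.dll, ntdll.dll, advapi32.dll, wininet.dll etc. with pefile.
CANDIDATE_EXPORTS = [
    "LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualProtect",
    "CreateRemoteThread", "NtCreateSection", "NtMapViewOfSection",
    "SetUnhandledExceptionFilter", "ExitProcess", "InternetOpenA",
    "HttpSendRequestA", "WinHttpGetIEProxyConfigForCurrentUser",
]

MASK32 = 0xFFFFFFFF

def ror32(value, count):
    """Rotate a 32-bit value right by `count` bits."""
    count %= 32
    return ((value >> count) | (value << (32 - count))) & MASK32

def api_hash(name):
    """Stand-in hash (ROR-13 plus add over ASCII bytes). ASSUMPTION: this is
    not the algorithm Casper, Bunny and NBOT share."""
    h = 0
    for byte in name.encode("ascii"):
        h = (ror32(h, 13) + byte) & MASK32
    return h

def build_hash_table(names):
    """Map hash -> API name for every candidate export. Collisions raise
    instead of being silently overwritten: a wrong resolution misleads triage."""
    table = {}
    for name in names:
        h = api_hash(name)
        if h in table and table[h] != name:
            raise ValueError(f"hash collision: {table[h]} / {name}")
        table[h] = name
    return table

def find_hashed_imports(blob, table):
    """Scan a byte blob for 32-bit little-endian values that match a known
    API hash. Returns a list of (offset, api_name). Scanning at every byte
    offset, not only aligned dwords, catches hashes embedded in instruction
    immediates such as `push imm32` or `mov eax, imm32`."""
    hits = []
    for offset in range(len(blob) - 3):
        value = struct.unpack_from("<I", blob, offset)[0]
        if value in table:
            hits.append((offset, table[value]))
    return hits

def find_plaintext_imports(blob, names):
    """The 'partial' in partial hashing: the same sample still carries some
    API names in the clear. Report those too, so both halves are visible."""
    return sorted(n for n in names if n.encode("ascii") in blob)

def build_sample_blob():
    """Constructed stand-in for a code section: x86 `push imm32` opcodes
    carrying hashed API names, followed by one unhashed import string."""
    blob = b""
    for name in ("LoadLibraryA", "VirtualAlloc", "CreateRemoteThread"):
        blob += b"\x68" + struct.pack("<I", api_hash(name))  # push imm32
    blob += b"\x00" * 5 + b"ExitProcess\x00"                 # plaintext import
    return blob

if __name__ == "__main__":
    table = build_hash_table(CANDIDATE_EXPORTS)
    sample = build_sample_blob()
    for off, api in find_hashed_imports(sample, table):
        print(f"0x{off:04x}: {api} (hash 0x{api_hash(api):08x})")
    print("plaintext imports:", find_plaintext_imports(sample, CANDIDATE_EXPORTS))
```

Because the three families share one hashing routine, a table built once from the algorithm recovered in any of them resolves the hashed imports in the others, which is also why the shared routine is attribution evidence rather than a coincidence of compiler output.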
Members of the cartoon malware family
Same