Oh, ambassador! You literally are spoiling us: Super-stealthy spyware hits Euro embassy PCs

A highly advanced piece of malware, dubbed Gazer, has been found in embassies and consulates across Eastern Europe. The software nasty was discovered by security shop Eset, which says the code uses a two-stage process to insert itself into Microsoft Windows machines. In a report published today, we're told the initial point of …

  1. Ken Moorhouse Silver badge

    "Only single player is allowed"

    Video game? Or a forecasting program which governments use to practice world domination tactics.

    1. Anonymous Coward
      Childcatcher

      Re: "Only single player is allowed"

      "Video game?"

      My thought exactly but for a different reason to yours. Unless there are more gaming related strings then my *dar would be going berserk. That phrase is missing the indefinite article which isn't a smoking gun as such - some proportion of programmers of a game may have a tenuous grasp of English even when it is their first language. However the error is unlikely to be repeated for all occurrences.

      So, you start with the subset of speakers who might routinely drop an "a" when describing single players in English as a second language and correlate with other clues. Obviously you might want to consider that as a deliberately dropped clue to put you off the real scent.

      *crackle* *crackle* (tin foil cloak to go with the hat)

      1. Ken Moorhouse Silver badge

        Re: unlikely to be repeated for all occurrences

        which shouldn't really be there at all if what we learned about programming were put into practice.

        Which reminds me:-

        YOU ARE IN A LITTLE MAZE OF TWISTING PASSAGES, ALL DIFFERENT.

        YOU ARE IN A MAZE OF TWISTING LITTLE PASSAGES, ALL DIFFERENT

        P.S. I'm not shouting, in them days there weren't no lower case.

    2. Rob D.
      Coat

      Re: "Only single player is allowed"

      Surely a missed opportunity to use, "All your base are belong to us"?

  2. Anonymous Coward
    Anonymous Coward

    "in embassies and consulates across Eastern Europe."

    For what definition of Easter Europe exactly?

    1. Chris G

      Re: "in embassies and consulates across Eastern Europe."

      Also, whose?

      And why at Easter?

      If my experience with Russian thinking is anything to go by, this, though difficult to find, is nevertheless detectable so is designed to attract attention away from something else.

    2. Rob D.

      Re: "in embassies and consulates across Eastern Europe."

      The report from eset doesn't actually say 'Eastern Europe' but this:

      "Southeastern Europe as well as countries in the former Soviet Union Republichas (sic)"

      No specific details on countries though.

  3. Anonymous Coward
    Anonymous Coward

    Why does everything seem to state 'Microsoft Windows' on the system requirements recently? Wannacry, Wannacrypt, now Gazer, the list is endless.....

    1. Anonymous Coward
      Anonymous Coward

      It's simply low-hanging fruit. However, given this is a targeted attack (hint: spear-phishing was used as the initial vector; that's mainly social engineering), there's nothing to say any other OS available could be penetrated as well, no matter what safeguards may be in place. Few products of man can ever truly be declared perfect, and it's hard to get rid of the human vulnerability.

      1. Doctor Syntax Silver badge

        "any other OS available could be penetrated as well, no matter what safeguards may be in place."

        It gets harder to make spear phishing work if the victim only reads emails with mutt.

    2. Voland's right hand Silver badge

      Why does everything seem to state 'Microsoft Windows'

      That is what 99% of state institutions and employees use. While corporates are no longer the 100% Wintel territory they used to be, governments are and remain a MSFT stronghold.

    3. Anonymous Coward
      Linux

      System requirements

      "Why does everything seem to state 'Microsoft Windows' on the system requirements recently?"

      Stop whining, I for one would like to know if my system is compatible with the latest stuff doing the rounds.

      Besides, you must be new here, you cool anon numpty you, MS bashing (and supporting) is par for the course and we are sometimes generous to those with high handicaps provided they have something useful to say or at least try to but you don't.

      1. Anonymous Coward
        IT Angle

        Re: System requirements

        "Stop whining, I for one would like to know if my system is compatible with the latest stuff doing the rounds."

        Compatibility was never an issue until Microsoft made it so ..

        Security as a lock in: "I believe as we evolve security capabilities there must be some way to set this up so that our operating systems have shared secrets with each other that make them work better with each other than with other operating systems - whether it's JAVAOS layered on top of us or clones or anything else. I think we need to make this an explicit goal of our security strategy."

        Openness: "Our most potent Operating System competitor is Linux and the phenomena around Open Source and free software. The same phenomena fuels competitors to all of our products. The ease of picking up Linux to learn it or to modify some piece of it is very attractive"

        Lotus Notes R5 Competitive Analysis aka Microsoft Innovation.

        1. Anonymous Coward
          Anonymous Coward

          Re: System requirements

          > The ease of picking up Linux to learn it or to modify some piece of it is very attractive

          Apparently it was so attractive that nowadays Microsoft is a significant contributor to Linux and even ships it along with their own operating system.

  4. Yet Another Anonymous coward Silver badge

    Conspiracy time

    Which north-western European nation would most benefit from information obtained about other European countries over the next 20 months?

    If you were MI6 would you

    a, deliberately make your spy software look Russian to throw off the enemy

    b, have spy software so simply super that nobody ever found it

    c, not use spy software because it is ungentlemanly

    d, have no idea what anyone is talking about because you rely on aged Oxford tutors to recruit all your staff and they haven't moved to fountain pens yet

    e, see no need to spy because johnny foreigner will give in to all of Boris's demands anyway

    1. CAPS LOCK

      Oxford?

      Cambridge dear boy, Cambridge.

      1. Yet Another Anonymous coward Silver badge

        Re: Oxford?

        I thought Cambridge was where the KGB recruited?

        1. Anonymous Coward
          Anonymous Coward

          Re: Oxford?

          "I thought Cambridge was where the KGB recruited?"

          Because it was already where MI6 recruited. Do try to keep up, dear boy.

    2. Anonymous Coward
      Anonymous Coward

      Re: Conspiracy time

      The rot has gone a long way indeed when we actually have someone called Boris, not just in the Foreign Office, but running the whole ruddy show!

      1. Yet Another Anonymous coward Silver badge

        Re: Conspiracy time

        someone called Boris, not just in the Foreign Office, but running the whole ruddy show!

        Worse than that - he's an American

  5. John Savard

    For Sensitive Stuff

    It's time for places like embassies not to use computers with Microsoft Windows. Everyone else uses it, so there are plenty of viruses. Instead, each country should under great secrecy design its own hardened secure variant of BSD to put on its machines.

    Of course security by obscurity isn't real security, but it's better than nothing, and nothing seems to be what you will usually get.

    I mean, it's not as if computers for issuing passports or sending encrypted messages home have to be able to run all the latest games.

    1. ArrZarr Silver badge
      Facepalm

      Re: For Sensitive Stuff

      The government can't build a webpage on budget. No hope of building an OS anywhere near what they would need in time/on budget/to spec.

      1. Anonymous Coward
        Anonymous Coward

        Re: For Sensitive Stuff

        Jesus X Christ, that has made me laugh more than anything this century so far!

        "An operating system designed and built by a government".

        Just pause, gasp, and contemplate the vast avenues of potential...

    2. CAPS LOCK

      Re: For Sensitive Stuff

      It makes you wonder what the computers at GCHQ and the NSA run... Anyone know?

      1. Anonymal coward

        Re: For Sensitive Stuff

        The GCHQ gonk giving an IoP lecture on encryption was using a Windows laptop...

      2. Paul Crawford Silver badge

        Re: For Sensitive Stuff

        Well the 'open' part of GCHQ provides guidance on most common OS that are a sensible starting point:

        https://www.ncsc.gov.uk/guidance/end-user-device-security

        Some might normally be laughable from a privacy point of view (Android, Chrome OS and consumer Windows 10) but I guess when configured their way (i.e. all using corporate VPN, Win10 enterprise options) they become acceptable for "official" work. Reading the Ubuntu 16.04 notes is interesting, they make a point of making user-writeable areas no-execute and enforcing AppArmor restrictions on various processes.

        Reminds me of the saying "he who checks behind the door has once hidden there before".

      3. Anonymous Coward
        Anonymous Coward

        Re: For Sensitive Stuff

        They use a specially custom tailored version of Windows created for them by Microsoft. Bill Gates himself assured them it was perfectly secure.

        1. Yet Another Anonymous coward Silver badge

          Re: For Sensitive Stuff

          BBC Micro with Wordwise ROM

  6. mark l 2 Silver badge

    These problems all come about when what should be a document format containing text and images is allowed to have executable code embedded. If PDFs and MS Office documents contained no executable data most of these attacks wouldn't be possible.

    1. Anonymous Coward
      Anonymous Coward

      You forget the times when it's the images themselves that are the vector. Or a font.
