Posted by nart on October 28th, 2009.
Tags: Malware.
Greg and I have put up a new post on the IWM and Malware Lab about 0day exploits and Civil Society organizations. It's not about coordinated 0day attacks but rather some general trends and patterns that we’re seeing. We’re finding that the websites of civil society organizations are being used to push malware — [...]
Posted by nart on October 22nd, 2009.
Tags: Free Expression.
Cyrus Farivar has posted a translation of a letter sent by Hossein’s father to Ayatollah Larijani. It has been almost a year since Hossein was arrested and still there have been no charges laid against him, his family has only been able to meet with him twice for a few minutes and they don’t know [...]
Posted by nart on October 16th, 2009.
Tags: InfoWar, Worms/Viruses/Botnets.
A new report from www.trusted.pt documents their investigation into GhostNet in Portugal. I’ve only been able to read it via Google translate but it seems very interesting. During the GhostNet investigation we found several Portuguese infections including:
Embassy of Portugal, Germany
Embassy of Portugal, France
Embassy of Portugal, Finland
CEGER, Management Center for the Electronic Government Network, Portugal
The trusted.pt [...]
Posted by nart on October 15th, 2009.
Tags: Worms/Viruses/Botnets.
A recent Malware Lab investigation I’ve been working on led me to two interesting files on a Russian botnet:
readme.txt
version.txt
I don’t know if these are well known or not, but they describe how to install the botnet backend as well as what’s been added between versions 1.0 and 6.0.
Here are the executables that were on [...]
Posted by nart on September 28th, 2009.
Tags: InfoWar, Malware.
There’s a new Infowar Monitor blog post by Greg and me on the targeted malware attack on foreign correspondents based in China. The case is interesting to me because of the connections to other attacks that have been investigated by others, including Maarten Van Horenbeeck, F-Secure, ThreatExpert, and us in the past.
For me, it illustrates [...]
Posted by nart on September 8th, 2009.
Tags: InfoWar.
“Correlation does not imply causation.” If you’re into “cyberwar” read and repeat this three times.
When it comes to internet-based attacks, such as the recent DDoS attacks in South Korea and the U.S., questions arise regarding the identity and motivations of those responsible for the attacks. Because attribution is difficult, if not close to [...]
Posted by nart on August 25th, 2009.
Tags: DDOS, InfoWar.
The Internet-based attacks surrounding the Russia-Georgia conflict in August 2008 have resurfaced thanks to a report by the U.S. Cyber Consequences Unit (US-CCU). Because the report is top secret, all that is publicly available is a summary.
There are a number of reports on the Ru-Ge incident. While some are very well done, noticeably absent [...]
Posted by nart on August 8th, 2009.
Tags: Critical Infrastructure.
Recently, Jim Harper, Director of Information Policy Studies at the CATO Institute, stated that “both cyber terrorism and cyber warfare are concepts that are gross exaggerations of what’s possible through Internet attacks,” and it rubbed some the wrong way. But the overall point he was making is somewhat lost when focusing on this quote alone. [...]
Posted by nart on July 17th, 2009.
Tags: InfoWar, Internet Surveillance.
BlackBerry Spyware Dissected – Analysis by Veracode. My favourite quote: “it’s not even necessary to send the .jar, but they did, completely unobfuscated. Arrogance or incompetence?”
The 0s and 1s of Computer Warfare – Op-Ed by Evgeny Morozov. My favourite quote: “A serious international debate about cybersecurity is impossible if our only reference points [...]
Posted by nart on June 20th, 2009.
Tags: DDOS, Hacktivism.
I just read a great post by Jose Nazario suggesting that there hasn’t been much evidence of the use of botnets. But the most interesting point he makes is where he points out that the site under attack could take offensive action against the people participating in these “refresh” style attacks:
The attackers [...]