Clicky
Last visit was: Fri Jul 04, 2014 7:10 pm
It is currently Fri Jul 04, 2014 7:10 pm

Investigators Closing In On Malware Creators


All times are UTC - 5 hours [ DST ]


 [ 9 posts ] 
Author Message
 PostPosted: Thu Feb 11, 2010 11:41 am   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
'Aurora' Attacks Still Under Way, Investigators Closing In On Malware Creators
[Darkreading]

http://www.darkreading.com/vulnerabilit ... =222700786

This is a followup on the Google vs. China debacle.

Quote:
The targeted attacks that hit Google, Adobe, and other U.S. organizations are still ongoing and have affected many more companies than the original 20 to 30 or so reported by Google and others.

Security experts who have worked on forensics investigations and cleanup of the victim organizations from the attacks that originated out of China say they are also getting closer to identifying the author or authors of the malware used to breach Google and others.


This is getting decent coverage, and it's refreshing to see the urgency with which they're releasing their findings on this attack. Another great segment:

Quote:
Hoglund says HBGary was able to identify "markers" specific to the way the Aurora developer wrote the malware. But he says his firm did not include this in its new report. "This is not in the report because we don't want him to know what we know about his coding," he says. "[It] is algorithmic in nature."


SiL


Top
 Profile  
 PostPosted: Thu Feb 11, 2010 11:45 am   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
Update: There is also a new removal tool which came about as a result of this research:

New tool to detect Aurora malware behind Google hack
http://news.techworld.com/security/3212 ... k/?olo=rss
HBGary builds Aurora Inoculation Shot to kill corporate espionage

Quote:
Called the Aurora Inoculation Shot, this utility will remotely scan Windows machines over the network for signs of Aurora and can remove the malicious software as well. It uses the Windows Management Instrumentation services to carry out the inoculation.

Although Aurora has been linked to attacks on just 34 companies, the software has captured the attention of corporate executives, because some believe that is connected to a widespread industrial espionage campaign originating from China.


:silthumb:

SiL


Top
 Profile  
 PostPosted: Fri Feb 19, 2010 4:07 pm   
Spam Reporter
User avatar

Joined: Fri Feb 20, 2009 5:14 pm
Posts: 114
2 China Schools Said to Be Tied to Online Attacks http://www.nytimes.com/2010/02/19/techn ... china.html
Quote:
A series of online attacks on Google and dozens of other American corporations have been traced to computers at two educational institutions in China, including one with close ties to the Chinese military, say people involved in the investigation.
<snip>
Quote:
Evidence acquired by a United States military contractor that faced the same attacks as Google has even led investigators to suspect a link to a specific computer science class, taught by a Ukrainian professor at the vocational school.
:shock:

A follow-up article in the Washington Post indicates attacks also came from additional servers not controlled by the schools.
Codes in Google attacks tied to Chinese hackers, source says http://www.washingtonpost.com/wp-dyn/co ... eheadlines


Top
 Profile  
 PostPosted: Sat Feb 20, 2010 12:33 pm   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
This is potentially very significant news. :)

I'm very intrigued to see how this turns out.

SiL


Top
 Profile  
 PostPosted: Sat Feb 20, 2010 4:58 pm   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
Also:

The Washington Post Article wrote:
The two schools whose servers were used are Shanghai Jiaotong University, a prestigious institution in China akin to Caltech, and Lanxiang Vocational School, both of which have links to the top ranks of information security specialists in China, said one of the sources. Neither source was authorized to speak on the record. The connection to the schools was first reported Thursday night on the New York Times Web site.


This forum's server has also had intrusion attacks made against it from Jiaotong University. I just assumed they were infected PC's, and in fact: maybe they actually are.

SiL


Top
 Profile  
 PostPosted: Sat Feb 20, 2010 5:37 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
I have some friends from China who find the idea of actually paying for music or movie downloads amusing, so it may be the universities don't make much effort to prevent file sharing and all the malware that comes with it.


Top
 Profile  
 PostPosted: Sat Feb 20, 2010 6:20 pm   
Spammers' Nightmare
User avatar

Joined: Thu Apr 05, 2007 4:10 pm
Posts: 2777
Quote:
I have some friends from China who find the idea of actually paying for music or movie downloads amusing
I think this attitude is pervasive in many countries unfortunately.

Something more to read:
Slashdotted: Two Chinese Schools Reportedly Tied To Online Attacks


Top
 Profile  
 PostPosted: Sun Feb 21, 2010 12:24 pm   
Spammer Obliterator
User avatar

Joined: Fri Jun 15, 2007 7:05 pm
Posts: 2261
meep wrote:
Quote:
I have some friends from China who find the idea of actually paying for music or movie downloads amusing
I think this attitude is pervasive in many countries unfortunately.

Slightly OT, but it's quite baffling people really don't see beyond their noses. They just don't understand what's waiting there at the end of that road. The choice of new music and movies will gradually shrink away, since there naturally are very few artists who would produce everything for free...

_________________
Arf, she said


Top
 Profile  
 PostPosted: Sun Feb 21, 2010 1:39 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
And really, if people do want things free, there is quite a bit available from emerging artists who want the exposure. Do a little work and find the hidden gems. You'll get your free music, you'll help someone who's starting out, and you'll have the satisfaction of saying later on, "I discovered his/her music when it was just a free download on iTunes."


Top
 Profile  
 [ 9 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Ahrefs, Wayback machine and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Style originally created by Volize © 2003 • Redesigned SkyLine by MartectX © 2008