Investigators Closing In On Malware Creators

A place to discuss malware of every flavor, e.g. Storm, Waledac, Conficker and Zeus

Post by spamislame » Thu Feb 11, 2010 11:41 am

'Aurora' Attacks Still Under Way, Investigators Closing In On Malware Creators
[Darkreading]

http://www.darkreading.com/vulnerabilit ... =222700786

This is a followup on the Google vs. China debacle.

The targeted attacks that hit Google, Adobe, and other U.S. organizations are still ongoing and have affected many more companies than the original 20 to 30 or so reported by Google and others.

Security experts who have worked on forensics investigations and cleanup of the victim organizations from the attacks that originated out of China say they are also getting closer to identifying the author or authors of the malware used to breach Google and others.


This is getting decent coverage, and it's refreshing to see the urgency with which they're releasing their findings on this attack. Another great segment:

Hoglund says HBGary was able to identify "markers" specific to the way the Aurora developer wrote the malware. But he says his firm did not include this in its new report. "This is not in the report because we don't want him to know what we know about his coding," he says. "[It] is algorithmic in nature."


SiL
spamislame
Site Admin
 
Posts: 5056
Joined: Tue May 09, 2006 9:18 am

Re: Investigators Closing In On Malware Creators

Post by spamislame » Thu Feb 11, 2010 11:45 am

Update: There is also a new removal tool which came about as a result of this research:

New tool to detect Aurora malware behind Google hack
http://news.techworld.com/security/3212 ... k/?olo=rss
HBGary builds Aurora Inoculation Shot to kill corporate espionage

Called the Aurora Inoculation Shot, this utility will remotely scan Windows machines over the network for signs of Aurora and can remove the malicious software as well. It uses the Windows Management Instrumentation services to carry out the inoculation.

Although Aurora has been linked to attacks on just 34 companies, the software has captured the attention of corporate executives, because some believe that it is connected to a widespread industrial espionage campaign originating from China.


:silthumb:

SiL
spamislame
Site Admin
 
Posts: 5056
Joined: Tue May 09, 2006 9:18 am

Re: Investigators Closing In On Malware Creators

Post by tex.writer » Fri Feb 19, 2010 4:07 pm

2 China Schools Said to Be Tied to Online Attacks http://www.nytimes.com/2010/02/19/techn ... china.html
A series of online attacks on Google and dozens of other American corporations have been traced to computers at two educational institutions in China, including one with close ties to the Chinese military, say people involved in the investigation.
<snip>
Evidence acquired by a United States military contractor that faced the same attacks as Google has even led investigators to suspect a link to a specific computer science class, taught by a Ukrainian professor at the vocational school.
:shock:

A follow-up article in the Washington Post indicates attacks also came from additional servers not controlled by the schools.
Codes in Google attacks tied to Chinese hackers, source says http://www.washingtonpost.com/wp-dyn/co ... eheadlines
tex.writer
Spam Reporter
 
Posts: 114
Joined: Fri Feb 20, 2009 5:14 pm

Re: Investigators Closing In On Malware Creators

Post by spamislame » Sat Feb 20, 2010 12:33 pm

This is potentially very significant news. :)

I'm very intrigued to see how this turns out.

SiL
spamislame
Site Admin
 
Posts: 5056
Joined: Tue May 09, 2006 9:18 am

Re: Investigators Closing In On Malware Creators

Post by spamislame » Sat Feb 20, 2010 4:58 pm

Also:

The Washington Post Article wrote: The two schools whose servers were used are Shanghai Jiaotong University, a prestigious institution in China akin to Caltech, and Lanxiang Vocational School, both of which have links to the top ranks of information security specialists in China, said one of the sources. Neither source was authorized to speak on the record. The connection to the schools was first reported Thursday night on the New York Times Web site.


This forum's server has also had intrusion attacks made against it from Jiaotong University. I just assumed they were infected PCs, and in fact: maybe they actually are.

SiL
spamislame
Site Admin
 
Posts: 5056
Joined: Tue May 09, 2006 9:18 am

Re: Investigators Closing In On Malware Creators

Post by AlphaCentauri » Sat Feb 20, 2010 5:37 pm

I have some friends from China who find the idea of actually paying for music or movie downloads amusing, so it may be the universities don't make much effort to prevent file sharing and all the malware that comes with it.
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: Investigators Closing In On Malware Creators

Post by meep » Sat Feb 20, 2010 6:20 pm

I have some friends from China who find the idea of actually paying for music or movie downloads amusing
I think this attitude is pervasive in many countries unfortunately.

Something more to read:
Slashdotted: Two Chinese Schools Reportedly Tied To Online Attacks
meep
Spammers' Nightmare
 
Posts: 2777
Joined: Thu Apr 05, 2007 4:10 pm

Re: Investigators Closing In On Malware Creators

Post by Nodus » Sun Feb 21, 2010 12:24 pm

meep wrote:
I have some friends from China who find the idea of actually paying for music or movie downloads amusing
I think this attitude is pervasive in many countries unfortunately.

Slightly OT, but it's quite baffling people really don't see beyond their noses. They just don't understand what's waiting there at the end of that road. The choice of new music and movies will gradually shrink away, since there naturally are very few artists who would produce everything for free...
Arf, she said
Nodus
Spammer Obliterator
 
Posts: 2287
Joined: Fri Jun 15, 2007 7:05 pm

Re: Investigators Closing In On Malware Creators

Post by AlphaCentauri » Sun Feb 21, 2010 1:39 pm

And really, if people do want things free, there is quite a bit available from emerging artists who want the exposure. Do a little work and find the hidden gems. You'll get your free music, you'll help someone who's starting out, and you'll have the satisfaction of saying later on, "I discovered his/her music when it was just a free download on iTunes."
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

