You are infected with GhostNet

Started by March 29, 2009 07:20 PM
32 comments, last by Zahlman 15 years, 7 months ago
Cyberspy network targets government

Pretty scary stuff. How could this go unnoticed? Has anyone heard details about how it's attacking infected machines?

It already has its own Wikipedia entry: GhostNet. Check the references for details and links.

UPDATE: Deep computer-spying network touched 103 countries

Quote:
...
The 53-page report, released on Sunday, provides some of the most compelling evidence and detail of the efforts of politically-motivated hackers while raising questions about their ties with government-sanctioned cyberspying operations.

It describes a network which researchers have called GhostNet, which primarily uses a malicious software program called gh0stRAT (Remote Access Tool) to steal sensitive documents, control Web cams and completely control infected computers.
...
The operation probably started around 2004, the time security researchers noticed that many of these institutions were being sent bogus e-mail messages with executable files attached to them, according to Mikko Hypponen, director of antivirus research at F-Secure. Hypponen, who has been tracking the attacks for years, says that GhostNet's tactics have evolved considerably from those early days. "For the past three-and-a-half years or so it's been fairly advanced and fairly technical."
...
They found computers infected with malicious software that allowed remote hackers to steal information. The computers became infected after users opened malicious attachments or clicked on links leading to harmful Web sites.

The Web sites or malicious attachments would then try to exploit software vulnerabilities in order to take control of the machine. In one example, a malicious e-mail was sent to a Tibet-affiliated organization with a return address of "campaign@freetibet.org" with an infected Microsoft Word attachment.
...

"I thought what I'd do was, I'd pretend I was one of those deaf-mutes." - the Laughing Man
Quote: From Wikipedia, the free encyclopedia
WTF, Dalai Lama uses a computer!!??!!??


Hmmm...

edit: Oh, the article was literally reverted just after I made that post.
I hope Dalai Lama uses Linux.

In other news... Conficker is going to activate something on 1st April.
Conficker. A worm which, as always, is using yet another buffer overrun in the RPC service. Geez. Just how many RPC exploits will it take until Microsoft makes RPC *not* listen to the world wide intertubes by default?

The scary part:
Quote:
The U.K. Ministry of Defence reported that some of its major systems and desktops were infected. The worm has spread across administrative offices, NavyStar/N* desktops aboard various Royal Navy warships and Royal Navy submarines, and Hospitals across the city of Sheffield reported infection of over 800 computers.[21][22]

(Also resonates well with my Linux thread, in particular with the bullshit about special ultra-secure Windows for government... lol.)

[Edited by - Dmytry on March 30, 2009 4:13:35 AM]
Here are the nitty-gritty details about Conficker C. "60 Minutes" featured it in its opening story tonight. I found it smacked of fear mongering targeted at the computer challenged.
"I thought what I'd do was, I'd pretend I was one of those deaf-mutes." - the Laughing Man
Conficker is supposed to block access to some sites (e.g., Microsoft, Kaspersky, CastleCops), so can't you just try visiting these sites to see if you are infected? I don't know if it continuously or periodically blocks these sites, so I'm not sure if it's a good way of diagnosing it.
Quote: Original post by ChurchSkiz
Cyberspy network targets government

Pretty scary stuff. How could this go unnoticed? Has anyone heard details about how it's attacking infected machines?

This is old news for me. I was working for the govt. over 8 years ago and most of the hacking attempts back then were coming out of China...now whether it's being directed or coordinated by any one entity i.e. govt I doubt anyone will be able to say...

Don't talk about writing games, don't write design docs, don't spend your time on web boards. Sit in your house write 20 games when you complete them you will either want to do it the rest of your life or not * Andre Lamothe
Quote: Original post by LessBread
Here are the nitty-gritty details about Conficker C. "60 Minutes" featured it in its opening story tonight. I found it smacked of fear mongering targeted at the computer challenged.

Well... I totally expect to feel results from this worm myself. In 2007 there was some other worm which did seriously affect Internet connectivity in my whole country, owing in no small part to the fact that most people here connect with a D-Link USB ADSL modem and have their computer right on the Internet, no port forwarding needed, and also most people here use pirated Windows, i.e. have no updates. So, here we get a very large percentage of infected machines. This thing, on top of that, can spread through USB drives, which includes most MP3 players used here.
So if that worm as much as sneezes, I'm all out of Internet for a day or two.
Really now, his holiness lives in great comfort and strives to market fabulosities we like to hear in the West.

Seems like it works.

Quote: From Wikipedia, the free encyclopedia
WTF, Dalai Lama uses a computer!!??!!??

Quote: Original post by Dmytry
Quote: Original post by LessBread
Here are the nitty-gritty details about Conficker C. "60 Minutes" featured it in its opening story tonight. I found it smacked of fear mongering targeted at the computer challenged.

Well... I totally expect to feel results from this worm myself. In 2007 there was some other worm which did seriously affect Internet connectivity in my whole country, owing in no small part to the fact that most people here connect with a D-Link USB ADSL modem and have their computer right on the Internet, no port forwarding needed, and also most people here use pirated Windows, i.e. have no updates. So, here we get a very large percentage of infected machines. This thing, on top of that, can spread through USB drives, which includes most MP3 players used here.
So if that worm as much as sneezes, I'm all out of Internet for a day or two.


My dad is a network administrator at a small high school, and recently the entire school was infected with Conficker. Because of kids using USB devices and such, it took weeks to get it removed; it even spread to some of their home computers. Needless to say it'll be interesting to see what happens on April 1st.

This topic is closed to new replies.
