Ultra stealthy spy malware not so stealthy after all

A researcher has discovered a flaw in software used to spy on government agencies and contractors that can alert security personnel that their networks have been infiltrated by the otherwise hard-to-detect programs. The discovery by Joe Stewart, Dell SecureWorks' director of malware research, could help administrators detect so …

COMMENTS

This topic is closed for new posts.
Holmes

So what do these error messages look like?

Inquiring minds want to know...

3
0

And could Mr Stewart possibly be arsed to give us an example?

...so we might actually have a look for it? Or do I[1] have to grep the entire system for htran.exe?

[1] Not exactly I, as I do unix and have my own share of misery...

1
0

China

Chinese policy on this - blanket denial in spite of evidence to the contrary - should make people think hard and act fast.

http://www.zdnet.com/blog/btl/has-the-united-states-already-suffered-its-cyberwar-pearl-harbor/53901?tag=nl.e550

0
0
Holmes

Not merely 'evidence to the contrary'

According to the report at http://www.secureworks.com/research/threats/htran/

"we were lucky enough to observe a transient event that showed a deliberate attempt to hide the true origin of an APT" in the PRC, so it sounds as though it's very compelling evidence, possibly even beyond a reasonable doubt :-)

0
0
Coat

Saw an interesting attack recently

I was helping a friend of my daughter. In another state, so I was giving him a tutorial about proxies. Strangely enough his machine was proxying through the PRC and Taiwan, no other apparent infection. Given that his mother apparently worked in a sensitive governmental area well....

Targeted fish -> child

child+usb -> parent's computer

parent + usb -> Significant compromise.

It would have been interesting to have been involved with the cleanup of the thing, but 10 to 1 the active payload on the PC would have been minimal since its web access was poisoned...

0
0
Facepalm

Can you tell what it is yet?............

Can we have a link to Dell SecureWorks information on this ... or at least some more in-depth info on what the errors would be and where they would show.

What is this, the BBC?

3
0

Link with details

http://www.secureworks.com/research/threats/htran/

3
0
FAIL

Maybe he shouldn't have shared that...

Not that openly at least...

Now every bl**dy malware author is aware of the flaw and will be taking action to remedy it.

0
0

Re: Maybe he shouldn't have shared that...

It's the eternal dilemma, isn't it? Don't release, but tell the source of the problem and they sit on their hands. Publicise and they have to race to beat the malware authors.

1
0
Linux

Scene: an office

Non-IT person: OMFGWTFBBQ111!!1! I found that-there APT stuffs on our network!!!

IT person <sigh>: How did you find it? Show me.

Non-IT person: Look at this-here packet dump:

"http://debian.org/apt/repos/x86_64/repo.list.gz"

IT person <sigh> <facepalm>

1
0