A researcher has discovered a flaw in software used to spy on government agencies and contractors that can alert security personnel that their networks have been infiltrated by the otherwise hard-to-detect programs. The discovery by Joe Stewart, Dell SecureWorks' director of malware research, could help administrators detect so …
So what do these error messages look like?
Inquiring minds want to know...
And could Mr Stewart possibly be arsed to give us an example?
...so we might actually have a look for it? Or do I have to grep the entire system for htran.exe?
Not exactly I, as I do unix and have my own share of misery...
Chinese policy on this - blanket denial in spite of evidence to the contrary - should make people think hard and act fast.
Not merely 'evidence to the contrary'
According to the report at http://www.secureworks.com/research/threats/htran/
"we were lucky enough to observe a transient event that showed a deliberate attempt to hide the true origin of an APT" in the PRC, so it sounds as though it's very compelling evidence, possibly even beyond a reasonable doubt :-)
Saw an interesting attack recently
I was helping a friend of my daughter. In another state, so I was giving him a tutorial about proxies. Strangely enough his machine was proxying through the PRC and Taiwan, no other apparent infection. Given that his mother apparently worked in a sensitive governmental area well....
Targeted fish -> child
child+usb -> parents computer
parent + usb -> Significant compromise.
It would have been interesting to have been involved with the cleanup of the thing, but 10 to 1 the active payload on the PC would have been minimal since its web access was poisoned...
Can you tell what it is yet?............
Can we have a link to Dell secureworks information on this ... or at least some more in depth info on what the errors would be and where they would show.
What is this the BBC?
Link with details
Maybe he shouldn't have shared that...
Not that openly at least...
Now every bl**dy malware author is aware of the flaw and will be taking action to remedy it.
Re: Maybe he shouldn't have shared that...
It's the eternal dilemma, isn't it? Don't release, but tell the source of the problem and they sit on their hands. Publicise and they have to race to beat the malware authors.
Scene: an office
Non-IT person: OMFGWTFBBQ111!!1! I found that-there APT stuffs on our network!!!
IT person <sigh>: How did you find it? Show me.
Non-IT person: Look at this-here packet dump:
IT person <sigh> <facepalm>