Securo-boffins uncover new GLOBAL cyber-espionage operation

Government ministries, technology firms, media outlets, academic research institutions and non-governmental organisations have all fallen victim to an ongoing cyberespionage operation with tendrils all over the world, according to researchers. Infosec researchers have uncovered SafeNet in as many as 100 countries. SafeNet …

COMMENTS

This topic is closed for new posts.
  1. AbelSoul
    Holmes

    Street address..

    From the white paper:

    "The email address was used to register a domain name for a personal blog about software development with a Beijing street address."

    Tad careless perhaps or a piece of deliberate misdirection?

  2. Augur
    FAIL

    Trend Micro didn't name the attack SafeNet.

    If you read the original blog, Trend Micro state that the reference to SafeNet is within the attack itself. They actually point out that the reputable firm SafeNet Inc is unrelated.

    1. gazthejourno (Written by Reg staff)

      Re: Trend Micro didn't name the attack SafeNet.

      You are indeed correct and we've updated the bootnote to make that clear.

  3. ecofeco Silver badge
    Facepalm

    Info Sec - wat iz it?

    I have an advanced degree and can't be bothered with info sec. Isn't that the nerdy students' job?

    1. Destroy All Monsters Silver badge
      Trollface

      Re: Info Sec - wat iz it?

      While you are busy applying the hard-acquired knowledge of your MBA, unknown operatives from many places of the world are playing tag on your machine (if they aren't chatting with each other), like a particularly functional version of a UN assembly.

  4. bonkers
    FAIL

    cache poisoning

    Well, whilst the malware does sometimes install itself into a directory called "safenet" (see copied text below), I think it's a bit naughty to seize upon this for a name; it's a form of cache poisoning, despite the grovelling disclaimer. An internal name whilst it was being researched, fine, but someone should have pulled it out of the publication and kept the normal academic respect. Can you imagine if they had reason to call it MSword, or iTune?

    The malware creators used the term "safenet" as a decoy and this should not be perpetuated.

    Here is what it does:

    "If User Account Control (UAC) is active, SafeExt.dll will be injected into explorer.exe. Otherwise, the file is copied to %Program Files%\Internet Explorer\SafeNet\ and registered as a Browser Helper Object (BHO)."
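    As an added defensive check (not from the report or this thread), the PowerShell below enumerates registered Browser Helper Objects, resolves each CLSID to its DLL path via the standard CLSID\InprocServer32 key, and flags any DLL living under an Internet Explorer\SafeNet directory or named SafeExt.dll; the flag criteria are taken from the quoted text, and the 64-bit host with Wow6432Node keys is an assumption.

```powershell
# Added example: hunt for a BHO registered from the directory / file name the quoted report text describes.
# Assumes a 64-bit Windows host; both the native and the Wow6432Node BHO lists are checked.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$clsidRoots = @('HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID')

function Get-BhoDllPath {
    param([string]$Clsid)
    foreach ($root in $clsidRoots) {
        $inproc = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $inproc) {
            # The default value of InprocServer32 holds the DLL path.
            return (Get-ItemProperty -Path $inproc).'(default)'
        }
    }
    return $null
}

$findings = foreach ($key in $bhoKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem -Path $key) {
        $clsid = $sub.PSChildName
        $dll = Get-BhoDllPath -Clsid $clsid
        $expanded = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll) } else { '' }
        # Criteria from the quoted text: install directory "Internet Explorer\SafeNet\" or file name SafeExt.dll.
        $suspicious = ($expanded -match '\\Internet Explorer\\SafeNet\\') -or
                      ($expanded -match '\\SafeExt\.dll$')
        [pscustomobject]@{
            Clsid      = $clsid
            DllPath    = $expanded
            Exists     = if ($expanded) { Test-Path $expanded } else { $false }
            Suspicious = $suspicious
        }
    }
}

$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
if ($findings | Where-Object Suspicious) {
    Write-Warning 'BHO matching the quoted indicator found; review the DLL, its signer and its creation time.'
}
```

    The quoted text says that with UAC active the DLL is injected into explorer.exe instead of being registered as a BHO, so an empty result here does not clear a host; pair it with a check of modules loaded in explorer.exe.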

    1. bonkers
      Facepalm

      Re: cache poisoning

      Sorry, that was bollocks.

      I just read the paper properly: the researchers call it "the Safe campaign" and do not mention safenet except as a directory name. The disclaimer is simply to apologise for having to use the word; the report has to mention where the thing installs itself.

  5. John Smith 19 Gold badge
    Unhappy

    Vulnerability fixed last year.

    So probably wide open on quite a lot of large groups of PCs.

    Like the people on that list for example.

    1. Wzrd1 Silver badge

      Re: Vulnerability fixed last year.

      When I was doing information assurance for the US DoD, if I didn't have every system on the installation patched within 10 days of a patch being approved by DISA, I had to explain to a rather irritated General why the systems weren't patched and vulnerable.

      Fortunately, that was a vanishingly rare occurrence. More often I had false positives in the vulnerability scanner, which I addressed directly with the vendor.

      Fortunately, most of those false positives plagued all installations and the vendor fixed their test for those vulnerabilities in a matter of a few days.

      I did somewhat disappoint that General once though.

      Me: No, sir, that's not going to happen here.

      Gen: Erm, excuse me? Why not?

      Me: I have no budget to implement that many additional card readers and my client organizations also don't have the budget to purchase those additional card readers. Hence, we are unable to implement that at this time.

      Gen: So, you need card readers?

      Me: Yes, sir.

      Two days later, I had a box with double the number required of card readers and two USB hard drives (which were forbidden at the time on the network, due to a Chinese government attack that was quite expensive and successful). I was instructed to get those *@&! drives off of the base.

      They're my portable storage now. :)

      1. John Smith 19 Gold badge
        Unhappy

        Re: Vulnerability fixed last year.

        "When I was doing information assurance for the US DoD, if I didn't have every system on the installation patched within 10 days of a patch being approved by DISA, I had to explain to a rather irritated General why the systems weren't patched and vulnerable."

        It sounds like you ran a tight ship.

        The trouble is what sort of operation does everyone else run?

        Unless your network is completely disconnected from other sites and other organizations you're as vulnerable as the least secure of those entities. They might be substantially more lax.

        It's a dreadful old cliche but network security is everyone's business.

        1. Robert Helpmann??
          Childcatcher

          Re: Vulnerability fixed last year.

          "The trouble is what sort of operation does everyone else run? Unless your network is completely disconnected from other sites and other organizations you're as vulnerable as the least secure of those entities."

          I'll give you a hint: if you throw in laptops and allow people to work from home, you will be lucky to achieve 90% compliance within 1 month. As far as physically disconnecting networks from the rest of the world, even that isn't enough. I am sure everyone has heard of Stuxnet and how it made it past an air-gap. Also, mention the word "spillage" to IA types in the US and watch their reaction - it's great fun. The greatest vulnerability cannot be patched: people.
