Thursday, January 21, 2010

Is APT After You?

Jeremiah Grossman made the following request via Twitter today:

@taosecurity blog post request. Signs that an individual or organization is or may be an APT target. + other threat naming conventions

Tough but great questions. I had better answer, or Jeremiah will find me and apply Brazilian Jiu Jitsu until I do. Let me take the second question first.

As I mentioned in Real Threat Reporting in 2005, "Titan Rain" became the popular term for one "intrusion set" involving certain actors. DoD applies different codewords to intrusion sets, and Titan Rain became popular with the publication of the Time article I referenced. If you read the Time article again you'll see at least one other reference, but I won't mention that here.

Some of you may remember "Solar Sunrise" from 1998 and "Moonlight Maze" from 1998-1999. Open reporting links the former to Russia and the latter to an Israeli named Ehud Tenenbaum. These are other examples of "intrusion sets," but they are not related to the current threat.

As far as other names for APT, they exist but are not shared with the public. Just as you might maintain code names for different intrusion sets or campaigns within your CIRT, different agencies track the same using their own terms. This can cause some confusion when different CIRTs try to compare notes, since none of us speak of the private names unless in an appropriate facility. The Air Force invented "APT" as an unclassified term that could be used to quickly keep different parties on the same page when speaking with defense partners.

Regarding who may be an APT target, I liked Steven Adair's Shadowserver post. The way most organizations learn that they have a problem is by receiving an outside notification. The FBI and certain military units have been fairly active in this respect for the past three years. This marks quite a change in the relationship between the US government and private sector, and it's not restricted to American companies. A little searching will reveal reports of other governments warning their companies of similar problems.

If your organization has not been contacted by an outside agency, you might want to look at the possible objectives that I posted in What is APT and What Does It Want? Does your organization possess information that falls into one of the political, economic, technical, or military categories that could interest this sort of threat? Overall, my assessment of APT progress can be summarized this way:
  • Phase 1, Late 1990s: mainly .mil
  • Phase 2, 2000-2004: .gov added to target list
  • Phase 3, 2005-2009: cleared defense contractors, research institutes, political and infrastructure added to target list (significant expansion)
  • Phase 4, 2010- ? : expansion only limited by resources?
Probably the next best way to learn if you are a target is to join whatever industry groups you can find and network with your peers. Develop relationships such that your peers feel comfortable sharing threat information with you. Do the same with government actors, especially the FBI. Many times these agencies are just sitting on information trying to figure out the right contacts.

I would beware of organizations that claim whatever product they sell will "stop APT" or "manage APT" or act as another silver bullet. We're already seeing some vendors jump on the counter-APT bandwagon with little clue what is happening. There are a couple of consultancies with deep knowledge on this topic. I'm not going to name them here, but if you check the Incident Detection Summit 2009 list you can find them. The degree of counter-APT experience on the speaker list varies considerably, but you can try using that list to verify whether Company X has any relationship whatsoever to this problem. That doesn't mean companies or organizations not listed as speakers are "clueless;" a lot of counter-APT activity is simply "good IT." However, you shouldn't expect a random consultant to be able to sit down and explain the specifics of this problem to your CIO or CEO. Incidentally this is NOT an advertisement for my company; I run an internal CIRT that only protects our assets.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Wednesday, January 20, 2010

Review of Inside Cyber Warfare Posted

Amazon.com just posted my three star review of Jeff Carr's Inside Cyber Warfare. From the review:

Jeff Carr is a great digital security intelligence analyst and I've been fortunate to hear him speak several times. We've also separately discussed the issues he covers in Inside Cyber Warfare (ICW). While I find Jeff's insights very interesting and valuable, I think his first book could have been more logical and hence more readable. I think Jeff should write a second edition that is more focused and perhaps more inclusive.

Illegal downloads at work put companies at risk, says FAST IiS

From: http://www.computerweekly.com/Articles/2010/01/15/239977/illegal-downloads-at-work-put-companies-at-risk-says-fast.htm

Company directors who allow staff to download software illegally are putting themselves and the company at risk of legal liability, software piracy watchdog FAST IiS has warned.

Internet data gathered by security firm ScanSafe across 100 countries revealed a 55% increase in illegal software and music downloads on corporate networks from October to December 2009.

"The company and directors could face a criminal prosecution with the possibility of a sentence and fine under the Copyright, Designs and Patents Act 1988," said John Lovelock, chief executive of FAST IiS.

In addition to the risk of legal liability, there is the possibility of malware being a silent add-on to software downloaded from peer-to-peer filesharing networks commonly used to distribute pirated software, he said.

FAST IiS recommends that all businesses have an IT policy as part of the conditions of employment and ensure that all employees are aware of the consequences of using corporate computers for illegal software downloads.

"It really is cheaper to keep control of your IT estate and software licensing rather than try to cut corners," said Lovelock.

Guidance for businesses is available on the FAST IiS website, he said.

Tuesday, January 19, 2010

Bejtlich Teaching at Black Hat EU 2010

Black Hat was kind enough to invite me back to teach multiple sessions of my 2-day course this year. After Black Hat DC comes Black Hat EU 2010 Training on 12-13 Apr 2010 at Hotel Rey Juan Carlos I in Barcelona, Spain. I will be teaching TCP/IP Weapons School 2.0. Registration is now open. Black Hat set five price points and deadlines for registration.
  • Super early ends 1 Feb
  • Early ends 1 Mar
  • Regular ends 1 Apr
  • Late ends 11 Apr
  • Onsite starts at the conference
Seats are filling -- it pays to register early!

If you review the Sample Lab I posted earlier this year, this class is all about developing an investigative mindset through hands-on analysis, using tools you can take back to your work. Furthermore, you can take the class materials back to work -- an 84 page investigation guide, a 25 page student workbook, and a 120 page teacher's guide, plus the DVD. I have been speaking with other trainers who are adopting this format after deciding they are also tired of the PowerPoint slide parade.

Feedback from my 2009 sessions was great. Two examples:

"Truly awesome -- Richard's class was packed full of knowledge and presented in an understandable manner." (Comment from student, 28 Jul 09)

"In six years of attending Black Hat (seven courses taken) Richard was the best instructor." (Comment from student, 28 Jul 09)

If you've attended a TCP/IP Weapons School class before 2009, you are most welcome in the new one. Unless you attended my Black Hat training in 2009, you will not see any repeat material whatsoever in TWS2. Older TWS classes covered network traffic and attacks at different levels of the OSI model. TWS2 is more like a forensics class, with network, log, and related evidence.

I recently described differences between my class and SANS if that is a concern.

I will also be teaching in metropolis and Las Vegas, but I will announce those dates later.

I look forward to seeing you. Thank you.

Rogue anti-virus prevalent on links that relate to Haiti earthquake, as donors encouraged to look carefully for genuine sites

From: http://www.scmagazineuk.com/rogue-anti-virus-prevalent-on-links-that-relate-to-haiti-earthquake-as-donors-encouraged-to-look-carefully-for-genuine-sites/article/161431/

The earthquake that hit the Haitian capital Port-Au-Prince earlier this week has led to a huge rise in related malicious URLs.

Zscaler Research reported that only an hour after the 7.0 earthquake hit on Tuesday afternoon, there was a 1,578 per cent increase in URLs visited, with a corresponding 5,407 per cent increase in bandwidth usage for ‘Haiti' URLs.

On the malware front, it reported seeing an increase in search engine optimisation (SEO) taking advantage of Haiti earthquake search terms to direct visitors to rogue anti-virus download sites.

This was also echoed by security vendors. Websense Security Labs ThreatSeeker Network discovered that searches on terms related to the earthquake returned results that led to a specific rogue anti-virus program via maliciously engineered search results.

Three samples of malware were discovered, with one having 20 per cent anti-virus coverage and another having eight per cent.

Also, F-Secure reported that a link titled ‘Haiti earthquake donate' leads to a website that installs a rogue program into the system that it claims is supported by F-Secure.

Mathew Nisbet, malware data analyst at Symantec Hosted Services, noted an upturn in email and poisoned search results designed to exploit individuals' generosity.

He said: “The humanitarian crisis caused by the Haiti earthquake has captured the world's sympathies and people are flocking to donate online. Sadly these are exactly the conditions that a cynical scammer would be looking to exploit, as the desire to help can often cloud a person's good judgement.

“They count on the public's good nature, anxiety and desire to help, and hope that they won't see through the scam email which they are reading.”

David Harley, director of malware intelligence at ESET, said: “It would be naive to claim that the security industry is all altruistic when it points to potential problems: we make our living from making people safer, or trying to. However, I'm not about to apologise for that any more than I expect my doctor to apologise for making his living out of accidents and diseases.

“You can be as cynical as you like about how successful we are, but most of the people I know in the industry aren't in it purely for the money. And the warnings I have been seeing about SEO poisoning, scams, malware, rogue AV and so on may increase sales directly or indirectly, but if they do encourage people to help themselves by whatever means, surely that's a good thing?

“However, I've noticed several people in the industry or somehow connected to it taking what you might consider a more constructive approach to evading some of these issues, by pointing to legitimate assistance resources. As with other kinds of phishing, scamming and so on, you'll be much safer going to known legitimate resources than responding to unsolicited requests for help from unverified sources.”