Date: Sat, 15 Mar 2008 08:44:29 +0000
From: "worried security" <worriedsecurity@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: More High Profile Sites IFRAME Injected

On Wed, Mar 12, 2008 at 2:51 PM, Dancho Danchev
<dancho.danchev@...il.com> wrote:
> The ongoing monitoring of this campaign reveals that the group is
> continuing to expand the campaign, introducing over a hundred new
> bogus .info domains acting as traffic redirection points to the
> campaigns hardcoded within the secondary redirection point, in this
> case radt.info where a new malware variant of Zlob is attempting to
> install through an ActiveX object. Sample domains targeted within the
> past 48 hours:
>
> lib.ncsu.edu; fulldownloads.us; cso.ie; dblife.cs.wisc.edu;
> www-history.mcs.st-andrews.ac.uk; ehawaii.gov; timeanddate.com;
> boisestate.edu; aoa.gov; gustavus.edu; archive.org;
> gsbapps.stanford.edu; bushtorrent.com; ccie.com; uvm.edu; thehipp.org;
> mnsu.edu; camajorityreport.com; medicare.gov; usamriid.army.mil
>
> http://ddanchev.blogspot.com/2008/03/more-high-profile-sites-iframe-injected.html
>
> Regards
> --
> Dancho Danchev
> Cyber Threats Analyst/Blogger
> http://ddanchev.blogspot.com
> http://windowsecurity.com/Dancho_Danchev


i call government involvement...

<worried> if you are a government who wants an attack highly known
about do you a) attack some random blog, or b) attack a high profile
news website?

<worried> if you are a gov who wants an attack highly known about, written
about by the biggest technology sites, and investigated by everybody
who's interested in security

<worried> an unknown blog or a high profile news website

<worried> a normal hacker would not do what's been done

<worried> just to get some gay passwords

<worried> this is the gov with a political agenda

<worried> they're not normal hackers they are state sponsored or are the
actual us-gov

<worried> normal hackers who want passwords do not hack cnet asia,
they want their attack to be unfound as long as possible

<worried> a normal hacker would not do what's been done

<worried> just to get some gay passwords for world of warcraft

<worried> why would a normal hacker who just wants a few gaming
passwords hack a news site?

<worried> i would not want the media's attention or the global
security research community knowing what i was doing, i would at all
costs do everything possible to make sure news websites like cnet did
not get infected

<cryptowave> i've just spent the last several hours doing malware
analysis that links back to china

<worried> americans would make an attack link back to china

<cryptowave> well, they are pretty convincing when everything points
back to china

<cryptowave> domains registered there, ip located there, code with chinese

<cryptowave> and they used chinese dollars to register the domains?

<cryptowave> and used chinese email addresses too

<worried> yes, all bases would be covered

<worried> proper gov hackers know people like you are going to check
details like that

<worried> they put it on a high profile technology news website to
make sure the attack was covered by internet news and the thing they
wanted the security experts to find is the chinese connection

<cryptowave> you don't need to write your code in chinese, register
your domains via chinese registrars, use a chinese email address, etc

<worried> western government hackers or western state sponsored hackers
would go that far to convince everyone.

<cryptowave> worried: you're jumping to conclusions ;)

<worried> whoever is behind this wanted the attack to be known about
and investigated with the core objective that the blame is on china

<worried> and funnily enough the western gov world has a political
agenda on that very topic right now, coincidence?

<worried> the fact cnet asia, trend micro was hacked makes me highly
suspicious of government involvement, normal hackers who just want a
few gay gaming passwords, they would be the last people they would
hack.

<worried> this is political, this is done by the government to further
bring public notice about chinese hackers as a pretext to ramp up the
need for cyber commands, convince the white house about offensive cyber
security funding etc etc and the joe average middle american who doesn't
know anything about the internet.

these are my conspiracy theories, goodbye dancho. what i say is
probably bullshit, but you've got to wonder why the high profile
sites, especially the biggest technology journalist site and
anti-virus site were hacked, why would a normal hacker do this for gay
passwords? all the benefits and rewards from this would be a
government wanting an attack investigated that links back to china,
our supposed number one cyber enemy, according to western super
powers. they hacked cnet asia to make sure the asian news were
covering the attack as well, to make sure the eventual finding of the
china link was known by the public in asia as well.

there is more to this than meets the eye of just normal hackers trying
to get passwords, because of the type of the first websites which were
hacked.

a government here is wanting maximum publicity, that's not something
small time hackers trying to get world of warcraft passwords want.

there is a political game going on here that i don't understand, this
isn't just a case of teeny boppers wanting passwords, something else
is afoot.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
