lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2d792fb20803150529y7e1abb9cr462c2b988e86dfe0@mail.gmail.com>
Date: Sat, 15 Mar 2008 14:29:18 +0200
From: "Razi Shaban" <razishaban@...il.com>
To: "worried security" <worriedsecurity@...glemail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: More High Profile Sites IFRAME Injected

I love the way whenever anything happens, someone always assumes its
some big conspiracy.

--
razi

On 3/15/08, worried security <worriedsecurity@...glemail.com> wrote:
> On Wed, Mar 12, 2008 at 2:51 PM, Dancho Danchev
>  <dancho.danchev@...il.com> wrote:
>  > The ongoing monitoring of this campaign reveals that the group is
>  > continuing to expand the campaign, introducing over a hundred new
>  > bogus .info domains acting as traffic redirection points to the
>  > campaigns hardcoded within the secondary redirection point, in this
>  > case radt.info where a new malware variant of Zlob is attempting to
>  > install though an ActiveX object. Sample domains targeted within the
>  > past 48 hours :
>  >
>  > lib.ncsu.edu; fulldownloads.us; cso.ie; dblife.cs.wisc.edu;
>  > www-history.mcs.st-andrews.ac.uk; ehawaii.gov; timeanddate.com;
>  > boisestate.edu; aoa.gov; gustavus.edu; archive.org;
>  > gsbapps.stanford.edu; bushtorrent.com; ccie.com; uvm.edu; thehipp.org;
>  > mnsu.edu; camajorityreport.com; medicare.gov; usamriid.army.mil
>  >
>  > http://ddanchev.blogspot.com/2008/03/more-high-profile-sites-iframe-injected.html
>  >
>  > Regards
>  > --
>  > Dancho Danchev
>  > Cyber Threats Analyst/Blogger
>  > http://ddanchev.blogspot.com
>  > http://windowsecurity.com/Dancho_Danchev
>
>
>
> i call government involvement...
>
>   <worried> if u are a government who wants an attack highly known
>  about do you A) attack some random blog, or b) attack high profile
>  news website?
>
>  <worried> if are a gov who wants an attack highly known about,written
>  about by the biggest technology sites, and investigated by everybody
>  whos interested in security
>
>  <worried> an unknown blog or a high profile news website
>
>  <worried> a normal hacker would not do whats been done
>
>  <worried> just to get some gay passwords
>
>  <worried> this is the gov with a politcal agenda
>
>  <worried> their not normal hackers they are state sponsored or are the
>  actual us-gov
>
>  <worried> normal hackers who want passwords do not hack cnet asia,
>  they want their attack to be unfound as long as possible
>
>  <worried> a normal hacker would not do whats been done
>
>  <worried> just to get some gay passwords for world of warcraft
>
>  <worried> why would a normal hacker who jsut wants a few gaming
>  passwords hack a news site ?
>
>   <worried> i would not want the media's attention or the global
>  security research community knowing what i was doing, i would at all
>  costs do everything possible to make sure news websites like cnet did
>  not get infected
>
>  <cryptowave> i've just spent the last several hours doing malware
>  analysis that links back to china
>
>  <worried> americans would make an attack link back to china
>
>  <cryptowave> well, they are pretty convincing when every thing points
>  back to china
>
>  <cryptowave> domains registered there, ip located there, code with chinese
>
>   <cryptowave> and they used chinese dollars to register the domains?
>
>   <cryptowave> and used chinese email addresses too
>
>  <worried> yes, all bases would be covered
>
>  <worried> proper gov hackers know ppl like u are going to check
>  details like that
>
>  <worried> they put it on a high profile technology news website to
>  make sure the attack was covered by internet news and the thing they
>  wanted the security experts to find is the chinese connection
>
>  <cryptowave> you don't need to write your code in chinese, register
>  your domains via chinese registrars, use a chinese email address, etc
>
>  <worried> western goverment hackers or western state sponsored hackers
>  would go that far to convince everyone.
>
>  <cryptowave> worried: you're jumping to conclusions ;)
>
>  <worried> whoever is behind this wanted the attack to be known about
>  and investigated with the core objective that the blame is on china
>
>  <worried> and funnily enough the western gov world has a political
>  agenda on that very topic right now, coincidence?
>
>  <worried> the fact cnet asia,trend micro was hacked makes me highly
>  suspicious of government involvement, normal hackers who just want a
>  few gay gaming passwords, they would be the last people they would
>  hack.
>
>  <worried> this is political, this is done by the government to further
>  bring public notice about chinese hackers as a pretext to ramp up the
>  need for cyber commands, convince the whitehouse about offensive cyber
>  security funding etc etc and the joe average middle american who dont
>  know anything about the internet.
>
>  these are my conspiracy theories, good bye dancho. what i say is
>  probably bullshit, but you've got to wonder why the high profile
>  sites, especially the biggest technology journalist site and anti
>  virus site was hacked, why would a normal hacker do this for gay
>  passwords?, all the benefits and rewards from this would be a
>  government wanting an attack investigated that links back to china.
>  our supposed number one cyber enemy, according to western super
>  powers. they hacked cnet asia to make sure the asian news were
>  covering the attack as well, to make sure the eventual finding of the
>  china link was known by the public in asia as well.
>
>  there is more to this than meets the eye of just normal hackers trying
>  to get passwords, because of the type of the first websites which were
>  hacked.
>
>  a government here is wanting maximum publicity, thats not something
>  small time hackers trying to get world of warcraft passwords want.
>
>  there is a political game going on here that i don't understand, this
>  isn't just a case of teeny boppers wanting passwords, something else
>  is a foot.
>
>
>  _______________________________________________
>  Full-Disclosure - We believe in it.
>  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ