Message-ID: <b25f08e40803150549l188708f0t73a104efc90e779b@mail.gmail.com>
Date: Sat, 15 Mar 2008 18:19:09 +0530
From: taneja.security@...il.com
To: full-disclosure@...ts.grok.org.uk
Subject: Re: More High Profile Sites IFRAME Injected

ya, it's political game over playing by the gov agencies to pinpoint CHINA
where these issues are not covered by their law at all. I am aware of lots of
underground attacks where hackers were hired specially for this purpose but
due to gov involvement it's just a game "wait and watch"

Taneja Vikas

http://www.annysoft.com


On 3/15/08, Razi Shaban <razishaban@...il.com> wrote:
>
> I love the way whenever anything happens, someone always assumes it's
> some big conspiracy.
>
> --
> razi
>
> On 3/15/08, worried security <worriedsecurity@...glemail.com> wrote:
> > On Wed, Mar 12, 2008 at 2:51 PM, Dancho Danchev
> >  <dancho.danchev@...il.com> wrote:
> >  > The ongoing monitoring of this campaign reveals that the group is
> >  > continuing to expand the campaign, introducing over a hundred new
> >  > bogus .info domains acting as traffic redirection points to the
> >  > campaigns hardcoded within the secondary redirection point, in this
> >  > case radt.info where a new malware variant of Zlob is attempting to
> >  > install though an ActiveX object. Sample domains targeted within the
> >  > past 48 hours :
> >  >
> >  > lib.ncsu.edu; fulldownloads.us; cso.ie; dblife.cs.wisc.edu;
> >  > www-history.mcs.st-andrews.ac.uk; ehawaii.gov; timeanddate.com;
> >  > boisestate.edu; aoa.gov; gustavus.edu; archive.org;
> >  > gsbapps.stanford.edu; bushtorrent.com; ccie.com; uvm.edu; thehipp.org;
> >  > mnsu.edu; camajorityreport.com; medicare.gov; usamriid.army.mil
> >  >
> >  > http://ddanchev.blogspot.com/2008/03/more-high-profile-sites-iframe-injected.html
> >  >
> >  > Regards
> >  > --
> >  > Dancho Danchev
> >  > Cyber Threats Analyst/Blogger
> >  > http://ddanchev.blogspot.com
> >  > http://windowsecurity.com/Dancho_Danchev
> >
> >
> >
> > i call government involvement...
> >
> >   <worried> if u are a government who wants an attack highly known
> >  about do you A) attack some random blog, or b) attack high profile
> >  news website?
> >
> >  <worried> if are a gov who wants an attack highly known about,written
> >  about by the biggest technology sites, and investigated by everybody
> >  whos interested in security
> >
> >  <worried> an unknown blog or a high profile news website
> >
> >  <worried> a normal hacker would not do whats been done
> >
> >  <worried> just to get some gay passwords
> >
> >  <worried> this is the gov with a political agenda
> >
> >  <worried> they're not normal hackers they are state sponsored or are the
> >  actual us-gov
> >
> >  <worried> normal hackers who want passwords do not hack cnet asia,
> >  they want their attack to be unfound as long as possible
> >
> >  <worried> a normal hacker would not do whats been done
> >
> >  <worried> just to get some gay passwords for world of warcraft
> >
> >  <worried> why would a normal hacker who just wants a few gaming
> >  passwords hack a news site ?
> >
> >   <worried> i would not want the media's attention or the global
> >  security research community knowing what i was doing, i would at all
> >  costs do everything possible to make sure news websites like cnet did
> >  not get infected
> >
> >  <cryptowave> i've just spent the last several hours doing malware
> >  analysis that links back to china
> >
> >  <worried> americans would make an attack link back to china
> >
> >  <cryptowave> well, they are pretty convincing when every thing points
> >  back to china
> >
> >  <cryptowave> domains registered there, ip located there, code with chinese
> >
> >   <cryptowave> and they used chinese dollars to register the domains?
> >
> >   <cryptowave> and used chinese email addresses too
> >
> >  <worried> yes, all bases would be covered
> >
> >  <worried> proper gov hackers know ppl like u are going to check
> >  details like that
> >
> >  <worried> they put it on a high profile technology news website to
> >  make sure the attack was covered by internet news and the thing they
> >  wanted the security experts to find is the chinese connection
> >
> >  <cryptowave> you don't need to write your code in chinese, register
> >  your domains via chinese registrars, use a chinese email address, etc
> >
> >  <worried> western government hackers or western state sponsored hackers
> >  would go that far to convince everyone.
> >
> >  <cryptowave> worried: you're jumping to conclusions ;)
> >
> >  <worried> whoever is behind this wanted the attack to be known about
> >  and investigated with the core objective that the blame is on china
> >
> >  <worried> and funnily enough the western gov world has a political
> >  agenda on that very topic right now, coincidence?
> >
> >  <worried> the fact cnet asia,trend micro was hacked makes me highly
> >  suspicious of government involvement, normal hackers who just want a
> >  few gay gaming passwords, they would be the last people they would
> >  hack.
> >
> >  <worried> this is political, this is done by the government to further
> >  bring public notice about chinese hackers as a pretext to ramp up the
> >  need for cyber commands, convince the whitehouse about offensive cyber
> >  security funding etc etc and the joe average middle american who dont
> >  know anything about the internet.
> >
> >  these are my conspiracy theories, good bye dancho. what i say is
> >  probably bullshit, but you've got to wonder why the high profile
> >  sites, especially the biggest technology journalist site and anti
> >  virus site was hacked, why would a normal hacker do this for gay
> >  passwords?, all the benefits and rewards from this would be a
> >  government wanting an attack investigated that links back to china.
> >  our supposed number one cyber enemy, according to western super
> >  powers. they hacked cnet asia to make sure the asian news were
> >  covering the attack as well, to make sure the eventual finding of the
> >  china link was known by the public in asia as well.
> >
> >  there is more to this than meets the eye of just normal hackers trying
> >  to get passwords, because of the type of the first websites which were
> >  hacked.
> >
> >  a government here is wanting maximum publicity, thats not something
> >  small time hackers trying to get world of warcraft passwords want.
> >
> >  there is a political game going on here that i don't understand, this
> >  isn't just a case of teeny boppers wanting passwords, something else
> >  is afoot.
> >
> >
> >  _______________________________________________
> >  Full-Disclosure - We believe in it.
> >  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >  Hosted and sponsored by Secunia - http://secunia.com/
> >