lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6aa1d39f1001221957u4f95d784q1b57f8aff40738da@mail.gmail.com>
Date: Fri, 22 Jan 2010 19:57:58 -0800
From: Marc Maiffret <marc@...cmaiffret.com>
To: Full-Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: CVE-2010-0249 in the wild

And one has to wonder what exactly it means if anything that some of
the exploits involved are dropping malware that installs and
manipulates your web browsing experience to be geared towards
Sogou.com, a distasteful Google knock off in China. More than that
though they even install Sogou Explorer which appears to be a Google
Chrome like, but yet again clunky, knock off.

So is it attackers that just happen to really love Sogou and want to
share it with the world? Criminals doing it to make money off of Sogou
browser install referral programs? (If they have such a thing.)
Chinese company looking to expand its market share through hacking?
And if so is there government support for such a program? And if so
again then how does Baidu feel about that? Or something else entirely
making this a completely moot point to begin with? Inquiring minds
want to know...

It is funny to me the hax0r cool biological warfare (since people love
to compare the two, bleh.) aspect of these attacks originating,
supposedly, from a country whose population is more susceptible to
compromise than that of the target. That is of course at least more
easily susceptible given the prevalence and reliability of IE 6
exploits vs. other IE versions. With China having an estimated 60%[1]
of browsers on IE6 vs. 12% in the U.S. Not to imply further as to a
country being the culprit. In that vein though you do have to find the
irony that unlike physical warfare, where a dropped bomb is a dead
bomb,  here in cyberspace you can drop a bomb that can then be tossed
back at you more effectively than your original.

Signed,
Marc Maiffret
Chief Security Architect
FireEye, Inc.
http://www.FireEye.com

[1] - http://gs.statcounter.com/#browser_version-CN-daily-20080701-20100119-bar

On Fri, Jan 22, 2010 at 2:41 PM, exploit dev <extraexploit@...il.com> wrote:
> Hi to all,
>
> i have just updated the list of URL that spreading stuff through
> cve-2010-0249. If you are interested check:
>
> http://extraexploit.blogspot.com/2010/01/cve-2010-0249-in-wild-xx2228866org-and.html
>
> --
> http://extraexploit.blogspot.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ