Malware "best practices"

Tom Buskey tom at buskey.name
Thu Jul 27 09:11:02 EDT 2006


On 7/26/06, Chris Brenton <cbrenton at chrisbrenton.org> wrote:
>
>
> Agreed, but the cost was distributed. I think you would be hard pressed
> to find anyone that went out of business solely because of Slammer. Due
> to modern spear virus attacks I've seen:
>
> * R&D documentation worth multi-millions stolen and end up at a
> competitor.
> * Personal client information stolen and then company blackmailed into
> paying up to keep it from being released.
> * Sensitive government information extracted by hostile nations.
>
> There's been more, but you get the idea. This stuff is nasty.
>
> So the old AV model was to mass infect as many people as possible and
> brag to your friends. Sure we are still seeing that today, but it's
> mostly kiddies with more ego than skills. The cost of recovery from
> these attacks is relatively minimal.
>
> The modern AV model is to leverage virus writing skills as a business
> solution. These folks make good money by attacking networks and either
> blackmailing the target or selling what they've extracted. Sometimes it's
> work for hire and sometimes it appears to be freelance. Either way the
> cost of recovery from one of these attacks can be much higher, and I
> have in fact seen folks go under.
>
> >   *Very* interesting.  Can you speak more on this, or give pointers to
> > published info?
>
> There have been a number of variations, just to point out a few:
> http://www.niscc.gov.uk/niscc/docs/ttea.pdf
>
> The DoD was hit with a spear phishing attack about 6 months back that
> claimed to be a heads up on a new Windows vulnerability. The download
> was actually a call home Trojan to which no AV vendor had a signature.


Anyone read some of the Cyberpunk science fiction?  Specifically by William
Gibson?

In one of his stories/novels they want to get a physical item out of a vault
in the building.  One group seeds a virus that affects the alarm and
security system.  Another affects the computers and sends out mail saying
there's Anthrax or something like that in the ventilation.  The phone system
is activated to announce evacuation.  The alarms go off along with lights.
Random doors get locked.  One group then enters and releases a hallucinogen
into the ventilation system.  There's panic in the building.

Today, phone systems are pretty much insecure.  Some security systems use
the same network as everything else.  I wouldn't be surprised to see
something like the above in the next 5 years.


More information about the gnhlug-discuss mailing list