Lybia did nothing wrong, this time.
Lybia did nothing wrong
Intelligence Field notes
( WE are THE top "War Intel" Blog.)
A Competitive Intelligence Service.
( Badware preparing to control the net. There is a new WORLD POWER growing in secret on the Internet, and the world is not prepared. G )
While pervasive, widespread malware attacks like Conficker get all the attention, there's another generation of obscure and dangerous malware that so far is too rare to be considered a threat -- but could provide a hint of things to come.
A common thread among most of these unusual or odd malware samples that typically fly under the radar is that they're all about going after specific information or data, rather than more general attacks that cast a wide net and make the headlines. And the writers of these lesser-known and uncommon malware packages are using new methods to keep the attacks alive longer -- even if it means brazenly attacking researchers who try to study them.
Even so, most attacks over the next five years will still come from the morphing malware variants that are common today, but in higher and higher volumes, experts say. "We're going to have to deal with more volume and attacks. And at the same time, there will be instances of really high quality attacks, where the attackers have thought things through -- and not for a quick buck, but for something sustainable," says Patrik Runald, chief security advisor for F-Secure.
"We'll see more malware families that are technically advanced and stay around for longer periods of time," he says. "Instead of recompiling variants of existing [malware], they will be refined slowly but surely, in a controlled manner" with new features, as Conficker and Torpig were, he says.
Security researchers are seeing some intriguing malware in small pockets. One piece of malware found on a desktop machine during a forensics investigation was actually pre-coded to steal specific information from the victim's organization, says Greg Hoglund, CEO and founder of HBGary, whose company sees about 5,000 new pieces of malware a day. "It knew what it was looking for," he says. And the malware was disposable so that it could disappear without a trace after doing its dirty work.
That's a step up from an advanced method used by some malware writers to "clean up" after they infiltrate a system in order to cover their tracks, according to Hoglund.
Then there was the malware that was written specifically to crawl for, and to steal, intellectual property. What was most unusual about the malware is that it could crawl different file types -- Excel, PDF, for instance -- for intellectual property to steal, Hoglund says. Then it would encrypt and send the stolen information to its own servers. The malware likely initially infected the machine via a spear-phishing or a cross-site scripting (XSS) attack, he says.
Another method researchers are seeing emerge is what they call "hack-back" techniques by malware writers. Gunter Ollmann, vice president of research for Damballa, says some malware is being written with built-in functions that allow it to hack a researcher's machine. Fighting back isn't new for malware writers: "Some malware today has the ability to identify if it's being run in a sandbox or virtual environment and then it runs a different process if it detects that" in order to throw off the researchers, he says.
But Ollmann says the "hack-back" feature, where malware can detect if it's being studied by a researcher and then turns around and compromises the researcher's machine, is the next step. "There are hints that it's out there," he says. "I've seen a few discussions on hacker forums that are developing and selling the latest DIY kits that offer this functionality."
He says a few proof-of-concepts have demonstrated how to detect malware in VMware. "Then the attacker could use public exploits for VMware to break out and compromise the researcher's machine," he says.
Some botnet malware wages distributed denial-of-service (DDoS) attacks on researchers if they get too close to the command-and-control (C&C) system. "If you try to reach out to a command and control server without the right credentials, then that C&C may issue commands to the botnet to attack you. It would take the form of a DDoS attack against the enterprise trying to manually connect to the C&C," Ollmann says. "The command and control server can detect the machine isn't one of its bots."
And as in the case of Conficker, the malware can actually blacklist investigators trying to access the botnet server. "So the good guys are being blacklisted," he says. But Ollmann says these types of techniques used by malware writers are still rare. "And it's either very sophisticated cybercrime teams investing a lot of money in it, or tinkerers [trying] new techniques," he says.
Despite all of the hype and attention that went to the Conficker threat, there are still 5 million infected machines out there today, according to F-Secure's count. F-Secure's Runald points to some of the malware features built into the code that make it difficult for researchers to take down Conficker.
Unlike the infamous Storm botnet, Conficker doesn't include an initial seed-list of victims that researchers can ultimately contain. "I'm confident that was a response to the work we were doing ... how they moved to a peer-to-peer command and control, and that Conficker doesn't even contain an initial seed list," he says. "This is a clear example of where they thought things through and had a clear response to anything we threw at them. And that's part of the reason we haven't been able to close them down."
"I fear that in the future, we'll see more malware that is developed in that way to actively" deflect what we throw at it, he says.
SOURCE:
Labels: Pakis speak
From recon team:
No ads. Google AdSense says we "posed a significant risk to our AdWords advertisers".
They were due to pay us tomorrow. So go figure.
I've appealed that decision.
Personally I reckon we upset someone....
Labels: Google losing integrity
Aug. 20 (Bloomberg) -- The host for central bankers attending the Federal Reserve conference this weekend to discuss the financial crisis is a regional Fed chief who’s making waves with his proposal for letting big U.S. banks fail.
Thomas Hoenig, the Kansas City Fed president, will welcome Fed Chairman Ben S. Bernanke, European Central Bank President Jean-Claude Trichet and dozens of other central bankers to the annual symposium in Jackson Hole, Wyoming, starting today. Hoenig said he hopes the gathering will serve as a model for handling crises in the future.
Bernanke has urged Congress to back part of Hoenig’s proposal for dealing with faltering big banks, which would wipe out shareholder equity in any that receive government aid. The Treasury Department’s so-called resolution authority plan, while likely to result in stockholder losses, doesn’t require it.
“Tom is leading the mainstream on this,” said former Fed Governor Lyle Gramley, now senior economic adviser with New York-based Soleil Securities Corp. “He’s ahead of the curve.”
Hoenig, 62, took office in 1991 and is soon to be the longest-serving Fed policy maker. Out of the 12 regional Fed presidents, he is one of two to have served as a head of bank supervision. Hoenig is tougher than his colleagues on inflation, having dissented from interest-rate votes four times since 1995, always for tighter policy.
Alternative to Bailouts
Companies with weak capital or investor confidence shouldn’t be bailed out, Hoenig said in a private talk in Omaha, Nebraska, in March. He said the government instead should declare them insolvent, replace managers, remove the bad assets and require shareholders to take losses. Hoenig broke from his usual practice of speaking from notes on index cards for non-economic comments and released written text entitled “Too Big Has Failed.”
( Feds evidently didn't like the paper, they have blocked copying any part of the paper, G )
STILL no balls, no one talking about usury reform.
Best stimulus package so far: $4,500 rebate on autos.
It got many to spend $15,000 to $20,000 for an auto.
Big increase in jobs, helped Greeners, expect $3 back for every $1 in the rebate program. Good job.
Labels: Jackson Hole Conference
On Monday, President Obama promised to stick with his timetable for withdrawal from Iraq, but he also upped the ante on the conflict in Afghanistan and Pakistan by calling it a "war of necessity" against Al Qaeda and its allies (read: the Taliban). But here's the catch: Al Qaeda has already been evicted from Afghanistan and won't be evicted from northwest Pakistan by anybody other than the Pakistanis themselves (and we're talking badlands where Islamabad has never exactly had landlord status). That means our current strategy consists of fighting our way through the Afghani Taliban to get to the Pakistani Taliban (and thus, quite frankly, through them to the Pakistani military and intelligence services) to get to Al Qaeda. That, my friends, is called doing it the hard way.
And what would be the end result of the American military pulling off this seeming miracle? Al Qaeda would simply move somewhere else equally off-grid, resurfacing deeper in Central Asia or sub-Saharan Africa, and we'd begin this drones-versus-desperados show all over again in a Matrix-like reboot. Truth be told, absent Pakistan's nukes and its sordid history of sharing such technology, there is no great strategic argument for driving Al Qaeda out of its mountain cave lair. As far as our "machine world" is concerned, there will always be a number of "Zions" out there, demanding their back-to-the-future enclave be respected for what it is: a desire to disconnect from a "corrupt world."
So what will America end up doing? Inevitably, we'll cut deals granting local autonomy not all that different from the one Islamabad recently tried with the Pakistani Taliban. And guess what? Those deals will consistently backfire until the locals — including the so-called moderate Taliban (you know, your baseline misogynists) — decide that harboring Al Qaeda isn't worth the harm frequently visited upon them by outside forces. But even when that distant day comes, expect the Taliban to remain Taliban.
Labels: Afpak paradigm adjustments