I love the way whenever anything happens, someone always assumes its some big conspiracy.
-- razi On 3/15/08, worried security <[EMAIL PROTECTED]> wrote: > On Wed, Mar 12, 2008 at 2:51 PM, Dancho Danchev > <[EMAIL PROTECTED]> wrote: > > The ongoing monitoring of this campaign reveals that the group is > > continuing to expand the campaign, introducing over a hundred new > > bogus .info domains acting as traffic redirection points to the > > campaigns hardcoded within the secondary redirection point, in this > > case radt.info where a new malware variant of Zlob is attempting to > > install though an ActiveX object. Sample domains targeted within the > > past 48 hours : > > > > lib.ncsu.edu; fulldownloads.us; cso.ie; dblife.cs.wisc.edu; > > www-history.mcs.st-andrews.ac.uk; ehawaii.gov; timeanddate.com; > > boisestate.edu; aoa.gov; gustavus.edu; archive.org; > > gsbapps.stanford.edu; bushtorrent.com; ccie.com; uvm.edu; thehipp.org; > > mnsu.edu; camajorityreport.com; medicare.gov; usamriid.army.mil > > > > > http://ddanchev.blogspot.com/2008/03/more-high-profile-sites-iframe-injected.html > > > > Regards > > -- > > Dancho Danchev > > Cyber Threats Analyst/Blogger > > http://ddanchev.blogspot.com > > http://windowsecurity.com/Dancho_Danchev > > > > i call government involvement... > > <worried> if u are a government who wants an attack highly known > about do you A) attack some random blog, or b) attack high profile > news website? > > <worried> if are a gov who wants an attack highly known about,written > about by the biggest technology sites, and investigated by everybody > whos interested in security > > <worried> an unknown blog or a high profile news website > > <worried> a normal hacker would not do whats been done > > <worried> just to get some gay passwords > > <worried> this is the gov with a politcal agenda > > <worried> their not normal hackers they are state sponsored or are the > actual us-gov > > <worried> normal hackers who want passwords do not hack cnet asia, > they want their attack to be unfound as long as possible > > <worried> a normal hacker would not do whats been done > > <worried> just to get some gay passwords for world of warcraft > > <worried> why would a normal hacker who jsut wants a few gaming > passwords hack a news site ? > > <worried> i would not want the media's attention or the global > security research community knowing what i was doing, i would at all > costs do everything possible to make sure news websites like cnet did > not get infected > > <cryptowave> i've just spent the last several hours doing malware > analysis that links back to china > > <worried> americans would make an attack link back to china > > <cryptowave> well, they are pretty convincing when every thing points > back to china > > <cryptowave> domains registered there, ip located there, code with chinese > > <cryptowave> and they used chinese dollars to register the domains? > > <cryptowave> and used chinese email addresses too > > <worried> yes, all bases would be covered > > <worried> proper gov hackers know ppl like u are going to check > details like that > > <worried> they put it on a high profile technology news website to > make sure the attack was covered by internet news and the thing they > wanted the security experts to find is the chinese connection > > <cryptowave> you don't need to write your code in chinese, register > your domains via chinese registrars, use a chinese email address, etc > > <worried> western goverment hackers or western state sponsored hackers > would go that far to convince everyone. > > <cryptowave> worried: you're jumping to conclusions ;) > > <worried> whoever is behind this wanted the attack to be known about > and investigated with the core objective that the blame is on china > > <worried> and funnily enough the western gov world has a political > agenda on that very topic right now, coincidence? > > <worried> the fact cnet asia,trend micro was hacked makes me highly > suspicious of government involvement, normal hackers who just want a > few gay gaming passwords, they would be the last people they would > hack. > > <worried> this is political, this is done by the government to further > bring public notice about chinese hackers as a pretext to ramp up the > need for cyber commands, convince the whitehouse about offensive cyber > security funding etc etc and the joe average middle american who dont > know anything about the internet. > > these are my conspiracy theories, good bye dancho. what i say is > probably bullshit, but you've got to wonder why the high profile > sites, especially the biggest technology journalist site and anti > virus site was hacked, why would a normal hacker do this for gay > passwords?, all the benefits and rewards from this would be a > government wanting an attack investigated that links back to china. > our supposed number one cyber enemy, according to western super > powers. they hacked cnet asia to make sure the asian news were > covering the attack as well, to make sure the eventual finding of the > china link was known by the public in asia as well. > > there is more to this than meets the eye of just normal hackers trying > to get passwords, because of the type of the first websites which were > hacked. > > a government here is wanting maximum publicity, thats not something > small time hackers trying to get world of warcraft passwords want. > > there is a political game going on here that i don't understand, this > isn't just a case of teeny boppers wanting passwords, something else > is a foot. > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
