Ya, it's a political game over playing by the gov agencies to pinpoint CHINA, where these issues are not covered by their law at all. I am aware of lots of underground attacks where hackers were hired specially for this purpose, but due to gov involvement it's just a game of "wait and watch".

Taneja Vikas
http://www.annysoft.com

On 3/15/08, Razi Shaban <[EMAIL PROTECTED]> wrote:
>
> I love the way whenever anything happens, someone always assumes it's
> some big conspiracy.
>
> --
> razi
>
> On 3/15/08, worried security <[EMAIL PROTECTED]> wrote:
> > On Wed, Mar 12, 2008 at 2:51 PM, Dancho Danchev
> > <[EMAIL PROTECTED]> wrote:
> > > The ongoing monitoring of this campaign reveals that the group is
> > > continuing to expand the campaign, introducing over a hundred new
> > > bogus .info domains acting as traffic redirection points to the
> > > campaigns hardcoded within the secondary redirection point, in this
> > > case radt.info where a new malware variant of Zlob is attempting to
> > > install through an ActiveX object. Sample domains targeted within the
> > > past 48 hours:
> > >
> > > lib.ncsu.edu; fulldownloads.us; cso.ie; dblife.cs.wisc.edu;
> > > www-history.mcs.st-andrews.ac.uk; ehawaii.gov; timeanddate.com;
> > > boisestate.edu; aoa.gov; gustavus.edu; archive.org;
> > > gsbapps.stanford.edu; bushtorrent.com; ccie.com; uvm.edu; thehipp.org;
> > > mnsu.edu; camajorityreport.com; medicare.gov; usamriid.army.mil
> > >
> > > http://ddanchev.blogspot.com/2008/03/more-high-profile-sites-iframe-injected.html
> > >
> > > Regards
> > > --
> > > Dancho Danchev
> > > Cyber Threats Analyst/Blogger
> > > http://ddanchev.blogspot.com
> > > http://windowsecurity.com/Dancho_Danchev
> > >
> >
> > i call government involvement...
> >
> > <worried> if u are a government who wants an attack highly known
> > about do you A) attack some random blog, or b) attack high profile
> > news website?
> >
> > <worried> if u are a gov who wants an attack highly known about, written
> > about by the biggest technology sites, and investigated by everybody
> > who's interested in security
> >
> > <worried> an unknown blog or a high profile news website
> >
> > <worried> a normal hacker would not do what's been done
> >
> > <worried> just to get some gay passwords
> >
> > <worried> this is the gov with a political agenda
> >
> > <worried> they're not normal hackers they are state sponsored or are the
> > actual us-gov
> >
> > <worried> normal hackers who want passwords do not hack cnet asia,
> > they want their attack to be unfound as long as possible
> >
> > <worried> a normal hacker would not do what's been done
> >
> > <worried> just to get some gay passwords for world of warcraft
> >
> > <worried> why would a normal hacker who just wants a few gaming
> > passwords hack a news site ?
> >
> > <worried> i would not want the media's attention or the global
> > security research community knowing what i was doing, i would at all
> > costs do everything possible to make sure news websites like cnet did
> > not get infected
> >
> > <cryptowave> i've just spent the last several hours doing malware
> > analysis that links back to china
> >
> > <worried> americans would make an attack link back to china
> >
> > <cryptowave> well, they are pretty convincing when every thing points
> > back to china
> >
> > <cryptowave> domains registered there, ip located there, code with chinese
> >
> > <cryptowave> and they used chinese dollars to register the domains?
> >
> > <cryptowave> and used chinese email addresses too
> >
> > <worried> yes, all bases would be covered
> >
> > <worried> proper gov hackers know ppl like u are going to check
> > details like that
> >
> > <worried> they put it on a high profile technology news website to
> > make sure the attack was covered by internet news and the thing they
> > wanted the security experts to find is the chinese connection
> >
> > <cryptowave> you don't need to write your code in chinese, register
> > your domains via chinese registrars, use a chinese email address, etc
> >
> > <worried> western government hackers or western state sponsored hackers
> > would go that far to convince everyone.
> >
> > <cryptowave> worried: you're jumping to conclusions ;)
> >
> > <worried> whoever is behind this wanted the attack to be known about
> > and investigated with the core objective that the blame is on china
> >
> > <worried> and funnily enough the western gov world has a political
> > agenda on that very topic right now, coincidence?
> >
> > <worried> the fact cnet asia, trend micro was hacked makes me highly
> > suspicious of government involvement, normal hackers who just want a
> > few gay gaming passwords, they would be the last people they would
> > hack.
> >
> > <worried> this is political, this is done by the government to further
> > bring public notice about chinese hackers as a pretext to ramp up the
> > need for cyber commands, convince the whitehouse about offensive cyber
> > security funding etc etc and the joe average middle american who don't
> > know anything about the internet.
> >
> > these are my conspiracy theories, good bye dancho. what i say is
> > probably bullshit, but you've got to wonder why the high profile
> > sites, especially the biggest technology journalist site and anti
> > virus site was hacked, why would a normal hacker do this for gay
> > passwords?, all the benefits and rewards from this would be a
> > government wanting an attack investigated that links back to china.
> > our supposed number one cyber enemy, according to western super
> > powers. they hacked cnet asia to make sure the asian news were
> > covering the attack as well, to make sure the eventual finding of the
> > china link was known by the public in asia as well.
> >
> > there is more to this than meets the eye of just normal hackers trying
> > to get passwords, because of the type of the first websites which were
> > hacked.
> >
> > a government here is wanting maximum publicity, that's not something
> > small time hackers trying to get world of warcraft passwords want.
> >
> > there is a political game going on here that i don't understand, this
> > isn't just a case of teeny boppers wanting passwords, something else
> > is afoot.
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
