Dave is a security guy with a clue btw....he does some good FUD-Busting here and beat me to it....his comments are in response to the articles appearing in this TinyURL of a GoogleNews search --> http://tinyurl.com/dvmjf.
-rick Infowarrior.org

------ Forwarded Message
From: David Kennedy CISSP <[EMAIL PROTECTED]>
Date: Thu, 16 Jun 2005 17:20:42 -0400
Subject: De-hyping The NISCC Trojan Story

For your enjoyment. Push to infowarrior if you wish. I have no problem with attribution.

[Before I cut the hype, I'd like to preface this note with a couple other observations: this incident gets worse the more we learn about it and it might be an indicator of "what's next." Last year was the "Year of The Bot." This year may well become known as "The Year of Spyware." 2006 could be "The Year of the Targeted Trojan." That said, today's stories are just sloppy writing and thinking.]

- - From the Globe & Mail:

>>>> The NISCC says it has found 76 Trojan programs, and the IP addresses on the e-mail carrying the Trojans come from the Far East. <<<<

There is no evidence there are 76 different trojans. What NISCC does is they list the various aliases 9 different vendors use for the trojan horse programs with a total of 76 lines of aliases, at least two of which appear twice each. The most by any one of those vendors is Sophos' 18. (And Sophos is based where? Who's easy for the UK press to get a quote from?) Kaspersky calls out 17. Panda calls it only one. One could conclude Panda is the most efficient at catching them all with one sig. One could conclude Panda only catches one and something between 17 and 75 are not detected. Without samples and objective testing there's no way to tell what the number is.

Far East? The known perpetrators, a London-based couple who have already been arrested and incarcerated, may have used one of thousands of spam e-mail proxies to broadcast messages carrying the trojans, and happened to use one in East Asia. Bouncing mail from London through a proxy in, say, Guangzhou does not mean there is some cabal of Cantonese spies behind this. Bah...!

Again the Globe & Mail:

>>>> NISCC says that nearly 300 British government departments and businesses -- including financial, health care, telecommunications and transportation organizations -- have been the subject of these attacks. <<<<

Holy crap! 300 victims!

Computer Weekly:

>>>> The discovery has sparked a major behind-the-scenes operation by NISCC to alert more than 300 government and private sector organisations responsible for the UK's critical infrastructure and services, to introduce countermeasures on their computer systems. <<<<

What?! You mean there are NOT 300 victims, only that NISCC distributed their warning to 300 organizations responsible for infrastructure security? The CERT Coordination Center at Carnegie Mellon has been around since 1988. I estimate their mailing list has tens of thousands of subscribers. Just pushing out a bulletin does not mean there have been tens of thousands of victims.

The facts of this incident could show this is a significant risk. But those facts have yet to be revealed and critical thinking is essential in parsing the facts from sloppy writing from journalists desperate to please their editors and advertisers.
