02.18.10

Enormous CyberAttack Takes Ten Minutes to Undo Here

Posted in Cyberterrorism at 9:19 am by George Smith

From December on DD ‘old’ blog:

[I] removed a copy of one of the Zeus/Zbot pieces of malware after it floated through my anti-virus software on Saturday. This took about ten minutes, not only to squash but also to upload to the vendor so that it might be detected at some point in the future. Yesterday, the software was finally updated to flag my test files.

The purpose of Zeus/Zbot is fundamentally the same as what was alleged to have happened to State Dept. computers. It steals banking credentials, credit cards, logons and installs hooks which allow the attacker to manipulate the infected PC remotely.

A rather homespun, if somewhat patience-trying, description of what Zbot can and has done is here on YouTube.

Typically, though, big or splashy news of government intrusions — the best scare stories — are now furnished almost entirely by vendors because vendors control the business of computer security in the US government.

Zeus’s gig, part of it — anyway — was pulling the fake anti-virus thing on users, telling the infected they had to sign up their credit to remove viruses they didn’t have, except for the ransomware itself.

Today from the Wall Street Journal via Yahoo:

Starting in late 2008, hackers operating a command center in Germany got into corporate networks by enticing employees to click on contaminated Web sites, email attachments or ads purporting to clean up viruses, NetWitness found.

In more than 100 cases, the hackers gained access to corporate servers that store large quantities of business data, such as company files, databases and email.

They also broke into computers at 10 U.S. government agencies.

By definition, government agencies are broken into every day. And all business computers always store large amounts of business data.

In any case, Zeus attacks were not extraordinary frontpage news when DD reported it matter of factly. Or when others noted the same in various videos posted to YouTube.

Today they’re news because NetWitness made a report out of them and handed it over to the press.

Way down in the articles on the worldwide Zeus cyber-catastrophe one spies Amit Yoran’s name.

“These large-scale compromises of enterprise networks have reached epidemic levels,” says Yoran, chief executive officer of Virginia-based NetWitness, to the UPI.

Amit used to be the US government’s cyberczar. For a mercilessly brief period during the Bush administration.

In a website post from that time:

While some children have role models like John Wayne or Babe Ruth, [Amit Yoran’s] most envied role model was Alex P. Keaton, the character Michael J. Fox played on the NBC TV sitcom Family Ties. People who know him say he used to wear vests and even ties to school when he was growing up – and he did not attend a private school where uniforms were required. No, this was just the way Amit used to like to dress, even amidst a mix other kids wearing everything from Metallica shirts to the latest Benetton fashions. And he would – like the Keaton character on the show – frequently gush about, “What a stud,” Ronald Reagan or Oliver North were.

But Yoran quit his job as cyberczar. The US government was perhaps not the best place for him to release reports on the threat and menace of global cyberattacks.

“Cyber 9-11 has happened over the last 10 years, but it’s happened slowly so we don’t see it,??? Yoran said at some cybersecurity conference after departing.

Scoffers are naive, it was said in the same article.

Our advance into the bright and safe future of proper cybersecurity has always been slowed down by the Fussell-noted American tendency to deliver everything coated in a crust of exaggeration and hype. Rather than opening the way for a new and proper regime of cybersecurity, it has bred just enough resistance — the adoption of the derogatory slang term, fud, as one example — to get in the way of taking enormous cyberthreat stories as seriously as their creators feel they should be taken.

In the book BAD: Or, the Dumbing of America, the author described this general practice systemically, well before it got carried over into things that didn’t exist yet, like corporate computer security business.

“Thus, this … is about the publicity enterprise propelling modern life, which seems to make it clear that few today are able independently to estimate the value of anything without prompting from self-interested sources,” the author wrote.

“This means nothing will thrive unless inflated by hyperbole and gilded with a fine coat of fraud. If in some ways the subject suggests the tragic — all those well-meaning people swindled by their own credulity — looked at another way the topic proposes all the pleasures of farce … [projecting] anew and continuously the classic comic motif, the manipulation of fools by knaves.”

And so the newsmedia becomes an instrument of it.

Since the US government practices the same thing in some area, every single day, one wonders why Yoran left its employ in the first place.

The answer may have been that it just didn’t pay enough and the skids, while well-greased, were just not quite as greasy as thought appropriate by the cyberczar of computer securing.

“The [tens of thousands of] computers were infected with spyware called ZeuS, which is available free on the Internet in its basic form,” reported the Wall Street Journal.

“Evidence suggests an Eastern European criminal group is behind the operation, likely using some computers in China because it’s easier to operate there without being caught, said NetWitness’s Mr. Yoran.

“There are some electronic fingerprints suggesting the same group was behind a recent effort to dupe government officials and others into downloading spyware via emails purporting to be from the National Security Agency and the U.S. military, NetWitness’s Mr. Yoran said.”


And here is another dose of predicted catastrophe courtesy of Mike McConnell, one of the Cult of Cyberwar’s best and most famous salesmen.

Related: Cybersecurity Schwick

Cult of Cyberattack from the archives.

3 Comments

  1. Mime said,

    February 27, 2010 at 9:02 am

    Zeus is hard since it uses the most new attacks to undisclosed run services calls from windows 2k / XP in particular. It has at least 10 different kernel hooks for reloading making it almost impossible to chop off.

  2. George Smith said,

    February 27, 2010 at 9:58 am

    Yeah, I’m sure it’s a big pain in the ass for a lot of people. Like many things one encounters as the ‘overhead’ to being on the net.

  3. Xent DuB said,

    February 28, 2010 at 2:09 pm

    Run CCleaner for the registery issues then a good fresh updated malware product like Malwarebytes and any updated Anti Virus
    then you will have a clean drive the single most important thing is that all your Products are uptoo date and fresh. I cant stress that Enough update update update!!!
    take care and be safe always wear your rain coat wouldnt want you to catch sumthen