International Politics of the Middle East: Group items tagged viruses

Ed Webb

Flame and Stuxnet Cousin Targets Lebanese Bank Customers, Carries Mysterious Payload | ...

  • Gauss marks the first time that apparently nation-state-created malware has been found stealing banking credentials, something that is commonly seen in malware distributed by criminal hacking groups.
  • Gauss appears to have been created sometime in mid-2011 and was first deployed in September or October of last year, around the same time that DuQu was uncovered by researchers in Hungary. DuQu was an espionage tool discovered on machines in Iran, Sudan, and other countries around August 2011 and was designed to steal documents and other data from machines. Stuxnet and DuQu appeared to have been built on the same framework, using identical parts and using similar techniques. Flame and Stuxnet also shared a component, and now Flame and Gauss have been found to be using similar code as well.
  • Extrapolating from the number of infected Kaspersky customers, they speculate that there may be as many as tens of thousands of other victims infected with Gauss. By comparison, Stuxnet infected more than 100,000 machines, primarily in Iran. DuQu infected an estimated 50 machines, but was not geographically focused. Flame is estimated to have infected about 1,000 machines in Iran and elsewhere in the Middle East.
  • Kaspersky suggests that “white” in the file name may refer to Lebanon, a name said to be derived from the Semitic root letters “lbn,” which are also the root letters for “white.” Although in Arabic — a Semitic language — white is “abyad,” in Hebrew — also a Semitic language — the word for white is “lavan,” which comes from the root letters “lbn.”
  • Like Flame, Gauss is modular, so that new functionality can be swapped in and out, depending on the needs of the attackers. To date, only a few modules have been uncovered — these are designed to steal browser cookies and passwords, harvest system configuration data including information about the BIOS and CMOS RAM, infect USB sticks, enumerate the content of drives and folders, and to steal banking credentials as well as account information for social networking accounts, e-mail and instant messaging.
  • Gauss also installs a custom font called Palida Narrow, the purpose of which is not known. The use of a custom font designed by the malware authors is reminiscent of DuQu, which used a font called Dexter fabricated by its creators to exploit victim machines. Kaspersky has found no malicious code in the Palida Narrow font files and has no idea why it’s in the code, though the font contains Western, Baltic and Turkish symbols.
  • The USB module appears to be aimed at bridging an airgap and getting the payload onto systems that are not connected to the internet, as it had been used previously to get Stuxnet onto industrial control systems in Iran that were not connected to the internet. As noted, the payload is only unleashed on systems that have a specific configuration. That specific configuration is currently unknown, but Schouwenberg says it has to do with paths and files that are on the system. This suggests that the attackers have extensive knowledge about what is on the target system they are seeking.
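The last annotation describes a payload that stays encrypted unless the host has particular paths and files on it, so that analysts holding a sample cannot decrypt it without knowing the target's configuration. The following is an added illustration of that general technique (environmental keying), written for this page; it is not Gauss code, and the page says Gauss's actual trigger configuration is unknown. The salt, the iteration count, the directory names and the payload bytes are all constructed for the example; the key derivation (iterated SHA-256 over a directory name plus salt) and the keystream construction are assumptions chosen for the illustration, not the real malware's algorithm.

```python
import hashlib

# Assumed parameters for the illustration: iterated hashing makes trying
# many candidate directory names expensive for an analyst, which is the point.
ITERATIONS = 10_000
SALT = b"constructed-salt-bytes"   # constructed; a real dropper would embed its own
MAGIC = b"PAYLOAD1"                # constructed marker that tells the decryptor the key was right


def derive_key(dir_name: str, salt: bytes) -> bytes:
    """Turn one host-specific string (here a directory name) into a 32-byte key.
    Only a host that actually has this directory can produce the right key."""
    digest = dir_name.encode("utf-8") + salt
    for _ in range(ITERATIONS):
        digest = hashlib.sha256(digest + salt).digest()
    return digest


def keystream(key: bytes, length: int) -> bytes:
    """Simple counter-mode keystream from SHA-256 (illustrative, not a vetted cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "little")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_payload(plaintext: bytes, key: bytes) -> bytes:
    """What the attacker does once, offline: prepend the marker and XOR with the keystream."""
    data = MAGIC + plaintext
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def try_decrypt(blob: bytes, key: bytes):
    """Decrypt with a candidate key; return the payload only if the marker checks out."""
    data = bytes(a ^ b for a, b in zip(blob, keystream(key, len(blob))))
    if data[: len(MAGIC)] != MAGIC:
        return None
    return data[len(MAGIC):]


def find_trigger(blob: bytes, salt: bytes, dir_names):
    """Emulate the dropper on a host: derive a key from each directory name present
    and see whether any of them unlocks the payload. Returns (name, payload) or None."""
    for name in dir_names:
        payload = try_decrypt(blob, derive_key(name, salt))
        if payload is not None:
            return name, payload
    return None


# Constructed scenario: the attacker keys the payload to a directory name
# they expect to find only on the intended target.
TARGET_DIR = "Targetapp Suite"
PAYLOAD = b"<second-stage bytes, constructed for the example>"
BLOB = encrypt_payload(PAYLOAD, derive_key(TARGET_DIR, SALT))

# Two constructed hosts: one with the trigger directory, one without.
HOST_WITH_TRIGGER = ["Common Files", "Internet Explorer", "Targetapp Suite"]
HOST_WITHOUT_TRIGGER = ["Common Files", "Internet Explorer", "Windows Mail"]


if __name__ == "__main__":
    print("target host:", find_trigger(BLOB, SALT, HOST_WITH_TRIGGER))
    print("other host: ", find_trigger(BLOB, SALT, HOST_WITHOUT_TRIGGER))
```

The practical consequence for a responder is visible in `find_trigger`: the blob alone gives no plaintext, so recovering the payload means either finding the real trigger configuration on a victim machine or brute-forcing candidate directory names against the marker check, and the iterated hashing is there to make the second route slow.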
Ed Webb

Trump threatens a new war with Iran as the coronavirus spreads through the military.

  • The outbreak spreading on the USS Theodore Roosevelt, one of the Navy’s 11 aircraft carriers, reveals yet another victim of the coronavirus pandemic: the American military’s ability to patrol the world’s oceans and deter or fight wars.
  • Warships and submarines, even more than cruise ships, are breeding grounds for viruses. Crew members are packed into narrow confines, working and sleeping within inches of one another.
  • Amid this crisis, the Trump administration has ordered U.S. military commanders to prepare a campaign to destroy Iranian-backed militias in Iraq, as part of an overall effort—spearheaded by Secretary of State Mike Pompeo and national security adviser Robert O’Brien—to weaken the regime in Tehran.
  • According to official figures released today, 893 U.S. military personnel across all the services have tested positive, as have 306 Defense Department civilian workers, 256 dependents, and 95 contractors. Of them, 85 have been hospitalized; five are dead.
  • The top U.S. commander in Iraq, Lt. Gen. Robert White, wrote a rare dissenting memo, objecting that the campaign would require sending thousands of additional troops to Iraq and would distract from the main U.S. mission in the country: training Iraqi troops to fight ISIS.
  • Other Pentagon officials and officers have raised concerns about another problem with the plan—sending U.S. armed forces, some of whom may already be infected with the coronavirus, to a region where the virus is spreading like wildfire.
  • Americans aren’t the only ones at a disadvantage right now. It’s time to step up diplomatic efforts to deal with our various crises and conflicts. Too bad we have so few diplomats.
  • A Reuters correspondent is reporting that the Navy will relieve Capt. Brett Crozier, the commander of the USS Theodore Roosevelt who wrote the leaked letter, asking his superiors to deal more speedily with the pandemic spreading across his ship. The navy bosses are citing a “loss of confidence” in the captain for his presumptuousness. One wonders how many sailors, to say nothing of their anxious families, will lose confidence in the Navy. A truly responsible president or defense secretary should fire the admiral who made this decision—and replace him with Crozier.