rick at praxis.com.au
Mon Mar 30 09:19:06 EST 2009
stephen at melbpc.org.au wrote:
> Brenda forwards,
>> has a good explanation of the conficker/downadup worm
> 'Vast Spy System Loots Computers in 103 Countries'
> (Nb2, no mention, in either news reports, re specific operating systems)
In my readings of the press, with 100% accuracy to date, when the operating
system is not mentioned, it is Windows. I put this down to ignorance of
what an operating system is plus the ubiquity of Windows.
This case is no different. From the University of Illinois/Cambridge report
linked by Tom K <http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.pdf>
The Tibetan monks whose machines were compromised were using Outlook Express
(i.e. Windows), and the initial infection vector was executable .DOC files
(Windows). My guess is they were files with a .doc.exe extension
but the extension .exe was hidden. This is a very common exploit in Windows.
The opening sentences of the report's conclusions are telling:
"In this note we described how agents of the Chinese government
compromised the computing infrastructure of the Oﬃce of His
Holiness the Dalai Lama. They used social phishing to install
rootkits on a number of machines and then downloaded sensitive
data. People in Tibet may have died as a result."
Things are going to get worse (more seamless and easy attacks to individual
and corporate Windows boxen) before they get better (Windows is ditched for
a more secure alternative).
Rick Welykochy || Praxis Services
We are all born mad.
Some remain so.
-- Samuel Beckett in Waiting for Godot.
More information about the Link