[LINK] GhostNet

Rick Welykochy rick at praxis.com.au
Mon Mar 30 09:19:06 AEDT 2009


stephen at melbpc.org.au wrote:

> Brenda forwards,
> 
>> http://www.f-secure.com/weblog/archives/00001636.html
>> has a good explanation of the conficker/downadup worm 
> 
> 'Vast Spy System Loots Computers in 103 Countries'

> (Nb2, no mention, in either news reports, re specific operating systems) 

In my readings of the press, with 100% accuracy to date, when the operating
system is not mentioned, it is Windows. I put this down to ignorance of
what an operating system is plus the ubiquity of Windows.

This case is no different. From the University of Illinois/Cambridge report
linked by Tom K <http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.pdf>

The Tibetan monks whose machines were compromised were using Outlook Express
(i.e. Windows), and the initial infection vector was executable .DOC files
(Windows). My guess is they were files with a .doc.exe extension
but the extension .exe was hidden. This is a very common exploit in Windows.

The opening sentences of the report's conclusions are telling:

"In this note we described how agents of the Chinese government
  compromised the computing infrastructure of the Office of His
  Holiness the Dalai Lama. They used social phishing to install
  rootkits on a number of machines and then downloaded sensitive
  data. People in Tibet may have died as a result."

Things are going to get worse (more seamless and easy attacks to individual
and corporate Windows boxen) before they get better (Windows is ditched for
a more secure alternative).

cheers
rickw
-- 
_________________________________
Rick Welykochy || Praxis Services

We are all born mad.
Some remain so.
      -- Samuel Beckett in Waiting for Godot.
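An added illustration of the hidden-extension trick mentioned above (example code, not from the message or the Cambridge report): it models how Explorer's "hide extensions for known file types" display turns a constructed name like report.doc.exe into report.doc, and flags attachment names where the shown name looks like a document while the real extension is executable. The extension lists are assumptions for the demo, not an authoritative Windows list.

```python
# Added example: detect attachment names that disguise an executable as a
# document by relying on Windows hiding the final, known extension.
import os
from typing import Dict, List, Optional

# Assumed sets for the demo: extensions Windows runs as code, and
# extensions a user would read as a harmless document.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DOCUMENT_EXTS = {".doc", ".xls", ".ppt", ".pdf", ".txt", ".rtf"}


def displayed_name(filename: str, hide_known_ext: bool = True) -> str:
    """Name as Explorer shows it when known extensions are hidden.

    Only the last extension is stripped, so 'report.doc.exe' is shown
    as 'report.doc'.
    """
    root, ext = os.path.splitext(filename)
    if hide_known_ext and ext.lower() in EXECUTABLE_EXTS | DOCUMENT_EXTS:
        return root
    return filename


def deceptive_extension(filename: str) -> Optional[str]:
    """Return a reason if the name hides an executable, else None."""
    _, real_ext = os.path.splitext(filename)
    real_ext = real_ext.lower()
    if real_ext not in EXECUTABLE_EXTS:
        return None  # not executable content; nothing to flag here
    shown = displayed_name(filename)
    _, apparent_ext = os.path.splitext(shown)
    if apparent_ext.lower() in DOCUMENT_EXTS:
        return f"displayed as {shown!r} but is {real_ext} executable"
    return f"executable attachment {real_ext}"


def triage(attachments: List[str]) -> Dict[str, Optional[str]]:
    """Map each attachment name to a verdict (None means not flagged)."""
    return {name: deceptive_extension(name) for name in attachments}


if __name__ == "__main__":
    # Constructed sample names, not real samples from the incident.
    for name, verdict in triage(["report.doc.exe", "report.doc", "setup.exe"]).items():
        print(f"{name:16} -> {verdict}")
```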