This is some scary stuff. Internet criminals are now targeting individuals with some rather cunning attacks rather than the normal casting of the net wide in the hope of reeling in a few lucrative targets.
I work for a network security company; I'm not really allowed to say which one in my blog here, but it's not really a secret.
We deal with SPAM, and some researchers and 'experts' are mislabeling this as SPAM. It's not. This is a targeted attack on a high-profile individual who is being counted upon to be moderately tech-savvy but not a techie, and that's what makes it a little bit scary.
It's the level of knowledge required to do this that is scary. The person who did this was sloppy in a lot of ways. He used an off-the-shelf package to create his deployable malware and then he hardcoded the command and control address. Both of these things are indicators of either someone lazy, or someone who knows 'just enough' to be dangerous. It's the latter that bothers me.
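To show why a hard-coded command-and-control address is the sloppy choice the post says it is, here is an added illustration (not the author's analysis and not anything recovered from the actual sample): an analyst pulls dotted-quad literals straight out of a binary, the way a `strings` pass would surface them, and turns the result into a match against outbound connection records. The binary blob, the TEST-NET address used as the stand-in C2, and the log lines are all constructed for this example.

```python
"""
Hard-coded C2 literals are trivially extractable and blockable. Added
illustration: the blob, the 198.51.100.23 stand-in (RFC 5737 TEST-NET-2)
and the log lines are constructed; none of it comes from the real sample.
"""
import ipaddress
import re

# Dotted-quad candidates; octet range is enforced by ipaddress, not the regex.
_IPV4_RE = re.compile(rb"(?<![0-9.])(?:\d{1,3}\.){3}\d{1,3}(?![0-9.])")

# Constructed stand-in for a small unpacked executable.
SAMPLE_BINARY = (
    b"\x4d\x5a\x90\x00" + b"\x00" * 8              # fake header padding
    + b"Build 1.2.300.4\x00"                       # version string, not an address
    + b"http://198.51.100.23:8080/gate.php\x00"    # hard-coded C2 (constructed)
    + b"\x00" * 4 + b"198.51.100.23\x00"           # same address again, must dedupe
    + b"127.0.0.1\x00"                             # loopback, dropped
    + b"255.255.255.0\x00"                         # netmask-looking; left for review
)

# Constructed outbound connection records: 'ts src:port -> dst:port proto'.
SAMPLE_LOG = [
    "2000-01-01T10:01:07Z 10.1.4.22:51234 -> 198.51.100.23:8080 tcp",
    "2000-01-01T10:01:09Z 10.1.4.22:51235 -> 10.1.0.5:53 udp",
    "2000-01-01T10:02:41Z 10.1.4.31:49211 -> 198.51.100.23:8080 tcp",
]


def extract_ipv4_literals(blob: bytes) -> list[str]:
    """Return syntactically valid IPv4 literals in blob, deduplicated, in order.

    Strings such as 1.2.300.4 fall out because an octet exceeds 255.
    Loopback and unspecified addresses are dropped; nothing beacons to them.
    Anything else (including netmask-like values) is kept for analyst review.
    """
    found: list[str] = []
    for m in _IPV4_RE.finditer(blob):
        text = m.group().decode("ascii")
        try:
            addr = ipaddress.IPv4Address(text)
        except ValueError:
            continue  # out-of-range octet: a version string, not an address
        if addr.is_loopback or addr.is_unspecified:
            continue
        if text not in found:
            found.append(text)
    return found


def flag_connections(iocs, log_lines):
    """Return (line_no, dst_ip, dst_port) for records whose destination is an IOC.

    The record format is the constructed one used in SAMPLE_LOG above.
    """
    ioc_set = set(iocs)
    rec = re.compile(r"^\S+ (\S+):\d+ -> (\d{1,3}(?:\.\d{1,3}){3}):(\d+) ")
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = rec.match(line)
        if m and m.group(2) in ioc_set:
            hits.append((n, m.group(2), int(m.group(3))))
    return hits


if __name__ == "__main__":
    iocs = extract_ipv4_literals(SAMPLE_BINARY)
    print("candidate addresses:", iocs)
    for line_no, dst, port in flag_connections(iocs, SAMPLE_LOG):
        print(f"line {line_no}: outbound to {dst}:{port}")
```

Extraction deliberately stops short of deciding what is "the" C2: the netmask-like value survives so that a human looks at the list before it becomes a firewall rule. Once the address is confirmed, the same literal feeds the connection match, which is exactly why a packer-generated binary with a fixed address is a short-lived asset for whoever deployed it.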
I'm assuming that this person, who, if not located in Taiwan, at least has a shell account there somewhere, was operating at the limit of his knowledge when he created this attack. This would mean that he's clever enough to research and find the email address of a potential target, custom-craft an email that is at least plausible using the target's real name, and then invade that person's machine, stealing, amongst other things, SSL certificates that are installed on that machine, to escalate privileges on other machines. This is not your normal kewl d00d skript kiddie we're talking about here.