Create an Account
username: password:
 
  MemeStreams Logo

McAfee: 'Amateur' malware not used in Google attacks

search

Rattle
Picture of Rattle
Rattle's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Rattle's topics
Arts
  Literature
   Sci-Fi/Fantasy Literature
  Movies
  Music
Business
  Tech Industry
  Telecom Industry
Games
Health and Wellness
Holidays
Miscellaneous
  Humor
  MemeStreams
   Using MemeStreams
Current Events
  War on Terrorism
  Elections
Recreation
  Travel
Local Information
  SF Bay Area
   SF Bay Area News
Science
  Biology
  History
  Nano Tech
  Physics
  Space
Society
  Economics
  Futurism
  International Relations
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
  Military
  Security
Sports
Technology
  Biotechnology
  Computers
   Computer Security
    Cryptography
   Cyber-Culture
   PC Hardware
   Computer Networking
   Macintosh
   Linux
   Software Development
    Open Source Development
    Perl Programming
    PHP Programming
   Spam
   Web Design
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
McAfee: 'Amateur' malware not used in Google attacks
Topic: Computer Security 11:53 am EDT, Mar 31, 2010

A misstep by McAfee security researchers apparently helped confuse the security research community about the hackers who targeted Google and many other major corporations in cyber attacks last year.

On Tuesday, McAfee disclosed that its initial report on the attacks, which it branded Operation Aurora, had mistakenly linked several files to the attacks that had nothing to do with Aurora after all.

The files mistakenly linked to Aurora in McAfee's initial research are actually connected to a still-active botnet network of hacked computers that was created to shut down Vietnamese activists.

Other companies that followed up on McAfee's research were apparently confused too, according to McAfee's Alperovitch. "Some of the other companies that published their analysis on Aurora were analyzing this event and just didn't realize it," he said.

One such company was Damballa, Alperovitch said. Earlier this month, Damballa concluded that the Aurora attacks were the work of somewhat amateur botnet writers.

This type of attack is what computer forensics company Mandiant calls an advanced persistent threat. In it's report, Damballa described it as the work of a "fast-learning but nevertheless amateur criminal botnet team."

"The advanced persistent threat is not a botnet," said Rob Lee, a Mandiant director.

Damballa said it would have a comment on the matter sometime on Wednesday.

"Damballa does not have first hand knowledge of our investigation of the attacks we announced in January," a Google spokesman said via email Tuesday. "There did seem to be confusion about the two issues on the part of some people, and we've said clearly in our blog post that they were separate."

See my earlier comments about Damballa's flawed analysis. Too many people are trying to get on the APT buzzword wagon.

Update: I respect Gunther based on what I've been told about him from people who've worked with him... That being said, I still think he continues to be wrong about a few key things. Just because an attacker uses inferior tools, does not mean they are an inferior attacker. Security outcomes are the only thing both defenders and attackers are judged by. In the case of Sino-APT, they are getting the outcomes they want using their least advanced tools and compromised resources in the majority of cases, always leaving them a way to scale up the sophistication of their attacks to achieve their desired outcomes. This is the mark of an attacker really thinking out their strategy, not an amateur. Also, Damballa has yet to reference the division of labor and timing of activities seen in Sino-APT attacks, which is key evidence of their high level of organization. That alone continues to lead me to believe that Damballa has no inside knowledge of Sino-APT activities, as Google has suggested.

McAfee: 'Amateur' malware not used in Google attacks



 
 
Powered By Industrial Memetics
RSS2.0