Shady RAT not so sophisticated: Symantec
Summary
Building on McAfee's report on a global hacking operation nicknamed Shady RAT, Symantec's investigation, written by Hon Lau on the security company's blog, explains how organizations were initially targeted: with emails carrying attachments that contained exploit code. The attachments looked harmless, being Word, Excel, PowerPoint and PDF documents; however, when opened on unpatched systems, each dropped a trojan while displaying the expected document.
The trojan itself downloaded images and HTML pages from remote sites, which seemed innocent enough but which, according to Lau, actually contained hidden or encrypted instructions that allowed it to contact the command and control server and let the attackers know it had compromised its target.
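To make the C2 channel described above concrete, here is an added example (not code from Symantec, McAfee or the Shady RAT tooling) showing how a bot could pull instructions out of an innocuous-looking image and HTML page, and, from the defender's side, how to flag such content. The two hiding spots, bytes appended after a PNG's IEND chunk and a base64 blob inside an HTML comment, and the base64-over-XOR encoding with the key `KEY` are assumptions chosen for illustration; the sample image and page are constructed inline.

```python
"""Scan fetched 'innocent' web content for hidden instructions of the kind the
article describes. Two assumed hiding spots are checked: surplus bytes after a
PNG's IEND chunk (viewers ignore them, so the image still renders) and HTML
comments whose whole body is base64. The base64/XOR encoding and the key are
illustrative assumptions, not what the Shady RAT trojan actually used."""
from __future__ import annotations

import base64
import re
import struct
import zlib
from typing import Optional

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, body: bytes) -> bytes:
    # PNG chunk layout: 4-byte length, 4-byte type, data, CRC32 over type+data
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def minimal_png() -> bytes:
    """A valid 1x1 8-bit grayscale PNG (IHDR + IDAT + IEND)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # one filter byte + one pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def trailing_after_png(data: bytes) -> bytes:
    """Walk the chunk list and return whatever follows IEND. A well-formed
    PNG has nothing there, so any surplus is a candidate hidden payload."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4  # header, data, CRC
        if ctype == b"IEND":
            return data[pos:]
    raise ValueError("no IEND chunk")


COMMENT_RE = re.compile(r"<!--(.*?)-->", re.S)
B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")


def suspicious_comments(html: str) -> list[str]:
    """HTML comments that consist entirely of base64: invisible to a person
    viewing the page, trivially readable by a bot that fetched it."""
    return [c.strip() for c in COMMENT_RE.findall(html) if B64_RE.match(c.strip())]


def xor_bytes(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encode_cmd(cmd: str, key: bytes) -> str:
    return base64.b64encode(xor_bytes(cmd.encode(), key)).decode()


def decode_cmd(blob: str, key: bytes) -> str:
    return xor_bytes(base64.b64decode(blob), key).decode()


# --- constructed samples (assumed encoding; not real Shady RAT artefacts) ---
KEY = b"\x5a"                    # assumed single-byte XOR key
CMD = "beacon 203.0.113.5:443"   # RFC 5737 documentation address

HTML_SAMPLE = ("<html><body><p>Welcome</p><!-- site nav -->\n"
               "<!-- " + encode_cmd(CMD, KEY) + " --></body></html>")
PNG_SAMPLE = minimal_png() + xor_bytes(CMD.encode(), KEY)


def scan_image(data: bytes, key: bytes = KEY) -> Optional[str]:
    """Decoded trailing payload, or None if the image is clean."""
    extra = trailing_after_png(data)
    return xor_bytes(extra, key).decode(errors="replace") if extra else None


def scan_html(html: str, key: bytes = KEY) -> list[str]:
    """Decoded commands found in base64-only comments."""
    return [decode_cmd(c, key) for c in suspicious_comments(html)]


if __name__ == "__main__":
    print("image:", scan_image(PNG_SAMPLE))   # beacon 203.0.113.5:443
    print("html :", scan_html(HTML_SAMPLE))   # ['beacon 203.0.113.5:443']
```

In practice a defender does not know the key, so the useful signal is structural: bytes after IEND, or comments that are pure base64 where none belong. Those two checks alone flag the samples without decoding anything, and they run fine on a proxy or in a sandbox on whatever the suspect process fetches.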
While this level of infiltration might seem highly sophisticated, McAfee noted in its report that "this is not a new attack". Lau stated that "while this attack is indeed significant, it is one of many similar attacks taking place daily". In fact, Lau has raised the question of whether the hackers were really all that sophisticated to begin with.
"The attackers not only failed to secure their server properly, they had also installed various web traffic analysis tools on it too," he wrote. "For example, on one of the sites, we were able to see the statistics about computers contacting the command and control server to download command files."
For more on this story, read Shady RAT not so sophisticated: Symantec on ZDNet Australia.
ITO - how is it a "scare tactic"? Symantec is confirming operation Shady RAT is REAL. It HAPPENED. The server McAfee talked about is REAL. All they're saying is that they don't think this was that hard to do. That's EVEN SCARIER.
If you want a conspiracy theory at all, it should be to say that Symantec is showing sour grapes because they didn't take credit for uncovering this systemic IP theft first.
Then get off their mailing lists; they'll honor the request if you simply use the link to their URLs.
Symantec/Norton however are right on top of the situation and to date I've never had anything noted elsewhere to not be on Norton unless it was a one-up. Even hoaxes are listed. Their heuristics are also great, I've found, and though I've only had two heuristic hits, both were spot-on.
My only complaint about Symantec/Norton is they're getting too expensive, especially their subscriptions. I would have already switched, but so far no one gives me the turn-key effective reliability that Norton does.
- Keep your computer up to date with auto-updates
- Live behind a firewall
- Don't be a dumbass with offers 'too good to be true', they are.
- Back your PC up
- Set your AV to do a daily sweep
You will have little real chance of a virus/malware etc. infestation on your kit.
The number of friends with expired trial AV, and Windows updates off and a laptop with leprosy is hugely frustrating, esp. when they rock up and expect me to fix it, though it saves on beer costs