Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Digg this story   Add to del.icio.us  
Ghostnet
F-Secure, 2009-03-29
Typical document used in a targeted attack

University of Toronto published today a great research paper on targeted attacks.

We've talked about targeted attacks for years. These cases usually go like this:

1. You receive a spoofed email with an attachment
2. The email appears to come from someone you know
3. The contents make sense and talk about real things (and in your language)
4. The attachment is a PDF, DOC, PPT or XLS
5. When you open up the attachment, you get a document on your screen that makes sense
6. But you also get exploited at the same time
7. The exploit drops a hidden remote access trojan, typically Grey Pigeon or Gh0st Rat variant
8. No one else got the email but you
9. You work for a government, a defense contractor or an NGO

gh0st rat

But the real news is that Greg Walton & co actually managed to get an inside view of some of the servers used in these spying attacks. This means they got to see what was being done with the infected machines and where in the world they were.

ghostnet
Click the image to read John Markoff's article

The release of the paper was synchronized with the New York Times article. University of Cambridge released a related research paper at the same time as well. The Cambridge paper goes all the way to point the finger directly at the Chinese Government. Most other parties, us included, have not done such direct accusations without concrete proof of government involment.

For a reason or another, infowar-monitor.net has been down all day. So we've made a mirror of the research papers available here:

ghostnetdoc ghostnetdoc

More resources: Here's a video that we posted earlier about targeted attacks:

youtube

And here are selected blog posts on the topic:

On 29/03/09 At 02:21 PM




The information, views, and opinions contained on this page are those of the author and do not necessarily reflect the views and opinions of SecurityFocus.






 

Privacy Statement
Copyright 2009, SecurityFocus