Re: ZeuS: ‘A Virus Known as Botnet’

[Gadi Evron <ge () linuxbox org>]

On 2/19/10 3:26 PM, Paul Ferguson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Spot on.

It's just yet another banking/phishing trojan with a remote drop zone.

        Gadi.


> [snip]
>
> As a journalist who for almost ten years has sought to explain complex
> computer security topics to a broad audience,  it’s sometimes difficult
> to be picky when major news publications over-hype an important security
> story or screw up tiny details: For one thing, Internet security so seldom
> receives more than surface treatment in the media that the increased
> attention to the issue often seems to excuse the breathlessness with which
> news organizations cover what may seem like breaking, exclusive stories.
>
> The trouble with that line of thinking is that an over-hyped story tends to
> lack important context that helps frame the piece in ways that make it more
> relevant, timely, and actionable, as opposed to just sensational.
>
> I say this because several major media outlets, including The Washington
> Post and the Wall Street Journal, on Thursday ran somewhat uncritical
> stories about a discovery by NetWitness, a security firm in Northern
> Virginia that has spent some time detailing the breadth of infections by a
> single botnet made up of PCs infected with ZeuS, a password stealing Trojan
> that lets criminals control the systems from afar. NetWitness found that
> this particular variant of the botnet, which it dubbed “Kneber,” had
> invaded more than 2,500 corporations and 75,000 computers worldwide.
>
> [snip]
>
> Much more:
> http://www.krebsonsecurity.com/2010/02/zeus-a-virus-known-as-botnet/
>
> My favorite:
>
> "This is just some of the context that would have been nice to see in any
> of the mainstream press treatment of this research. From where I sit,
> security stories that lack appropriate context tend to ring hollow, and
> squander important opportunities to raise awareness on the size, scope and
> real-world impact of these threats."
>
> - - ferg
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.5.3 (Build 5003)
>
> wj8DBQFLfpGXq1pz9mNUZTMRAuy9AKCELOvvsBPnY/cCLcO4b4y/Xbeh+wCg4uFq
> Yq/n97/qyYLG2zKUOu/iJBw=
> =EM5Q
> -----END PGP SIGNATURE-----


-- 
Gadi Evron,
ge () linuxbox org.

Blog: http://gevron.livejournal.com/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.