Ultra stealthy spy malware not so stealthy after all

A researcher has discovered a flaw in software used to spy on government agencies and contractors that can alert security personnel that their networks have been infiltrated by the otherwise hard-to-detect programs. The discovery by Joe Stewart, Dell SecureWorks' director of malware research, could help administrators detect so …

COMMENTS

This topic is closed for new posts.
  1. Destroy All Monsters
    Holmes

    So what do these error messages look like?

    Inquiring minds want to know...

  2. seven of five

    And could Mr Stewart possibly be arsed to give us an example?

    ...so we might actually have a look for it? Or do I[1] have to grep the entire system for htran.exe?

    [1] Not exactly I, as I do unix and have my own share of misery...

  3. Scorchio!!

    China

    Chinese policy on this - blanket denial in spite of evidence to the contrary - should make people think hard and act fast.

    http://www.zdnet.com/blog/btl/has-the-united-states-already-suffered-its-cyberwar-pearl-harbor/53901?tag=nl.e550

    1. MarkieMark1
      Holmes

      Not merely 'evidence to the contrary'

      According to the report at http://www.secureworks.com/research/threats/htran/

      "we were lucky enough to observe a transient event that showed a deliberate attempt to hide the true origin of an APT" in the PRC, so it sounds as though it's very compelling evidence, possibly even beyond a reasonable doubt :-)

    2. Paul 129
      Coat

      Saw an interesting attack recently

      I was helping a friend of my daughter. In another state, so I was giving him a tutorial about proxies. Strangely enough his machine was proxying through the PRC and Taiwan, no other apparent infection. Given that his mother apparently worked in a sensitive governmental area well....

      Targeted fish -> child

      child+usb -> parents computer

      parent + usb -> Significant compromise.

      It would have been interesting to have been involved with the cleanup of the thing, but 10 to 1 the active payload on the PC would have been minimal since its web access was poisoned...

  4. Reality Dysfunction
    Facepalm

    Can you tell what it is yet?............

    Can we have a link to Dell SecureWorks' information on this ... or at least some more in-depth info on what the errors would be and where they would show.

    What is this, the BBC?

  5. JohnG

    Link with details

    http://www.secureworks.com/research/threats/htran/

  6. Trygve Henriksen
    FAIL

    Maybe he shouldn't have shared that...

    Not that openly at least...

    Now every bl**dy malware author is aware of the flaw and will be taking action to remedy it.

    1. Scorchio!!

      Re: Maybe he shouldn't have shared that...

      It's the eternal dilemma, isn't it? Don't release, but tell the source of the problem and they sit on their hands. Publicise and they have to race to beat the malware authors.

  7. Anonymous Coward
    Linux

    Scene: an office

    Non-IT person: OMFGWTFBBQ111!!1! I found that-there APT stuffs on our network!!!

    IT person <sigh>: How did you find it? Show me.

    Non-IT person: Look at this-here packet dump:

    "http://debian.org/apt/repos/x86_64/repo.list.gz"

    IT person <sigh> <facepalm>
