Wednesday, June 01, 2011

Debate on FBI's takedown of Coreflood botnet rages; "spearfishing" to get govt info from employee personal computers

SC Magazine has a “pro and con” debate on the FBI shutdown of the Coreflood botnet, apparently by executing attacker code and affecting some US machines. Jim Bardin from Treadstone 71 argues for it, whereas Chris Palmer from the Electronic Frontier Foundation argues against. The link for the article is here; it was tweeted by Webroot today.

There’s another “pro” column by Bruce Schneier here.

Any course of action was risky.

eWeek has a more detailed article by Rashid on how the counterattack worked, as it was complicated by “beacons” and rebooting machines; the link (April 28, 2011) is here.

Google today announced some measures, including 2-step verification, to tighten up Gmail after it researched a phishing and malware scheme that had originated from China and that was apparently used to track people, possibly political dissidents. The official corporate blog entry is here, and it was announced on Twitter today. The extra steps of security verification would include receiving a text on your cell phone.

CNN described a technique called "spearfishing" (or spearphishing) used to try to get government or business information from employees' personal computers. The attacks seem to have involved government executives and perhaps others at contractors, and may originate particularly from China.

