Comments on: Zeus Attack Spoofs NSA, Targets .gov and .mil

By: SpliFF

SpliFF — Fri, 04 Mar 2011 05:28:41 +0000

I’ve run my primary PC on linux for 10+ years and in all that time not one break-in or malware infection despite having no firewall or antivirus software. I’ve even inserted infected USB sticks with autorun malware plainly visible on the drive. I’ve opened numerous suspicious PDFs in xpdf, visited known attack sites with Firefox and NoScript, I open Word docs with impunity via LibreOffice and connect regularly to infected networks.

All my software and dependencies install and update automatically from trustworthy repositories. I’ve never paid a cent for any of my software because it’s all free. I’ve never been given a document I couldn’t open, a disk format I couldn’t read or a file server I couldn’t connect to.

Why anybody would pay for commercial software like Windows, MacOSX or Office when those tools are so easily and commonly exploited is completely beyond me. I wouldn’t even accept those programs as gifts! Frankly users of Microsoft/Apple/Adobe software get exactly what they deserve when they bring me their toasted systems every six months and pay me $120/hr to recover what’s left of their system.

Using the above mentioned software in a home environment is bad enough, but using them in a commercial environment is the height of stupidity. In a military, healthcare, financial or government institution it is entirely unforgivable! I would go so far as to call it an act of treason equivalent to arming a modern defence force with bolt action rifles. God help us all once this sort of software finds general use in automotives, military hardware and hazardous industries!

You want to argue that hackers would exploit linux more often if we all used it? Sure they would – but since ignorance is such a universal property amongst computer users that isn’t likely to happen any time soon.

By: JAson

JAson — Mon, 01 Nov 2010 00:25:22 +0000

Outlawing windows from making operating systems would really really help the situation out greatly. Sure everyone would have to learn new stuff, but in the case of new and complex parental controls for tv, parent were willing to learn something new to make them feel safer or their kids safer, so why not extend that same logic to protecting ones self. Learn to use something new, the free model seems to be the one that is out to protect you, after all Microsoft collects tons of personal information for law enforcement use. Linux is a good start, a linux kernal seems to be the right model, seems other try to copy the wy it works anyways, but they just dont quite get it right.

Windows may look pretty , but it sure dont run so pretty, and ubuntu for one outdoes windows when it comes to eye candy and usefullness. Im not even commenting on mac, becsue its liek back in the day when everyone realize AOL was a fake ISP, the mac isnt a real pc, more like nazzi central with every mac lookign the same.

So ya elimiate windows and watch how fast the talk of virii and major sec issues drops. Maybe not all but after all, i do think windows system is the gateway for the new attackware platform of stuxnet, so to what end will microsilly decode to so simething serious abtou their issues? Will windows be resonsible for an accidental nuke launch?

By: CB

CB — Tue, 26 Oct 2010 16:40:16 +0000

“start all over again”…..hopefully Google will help us to start over.

Most of us have heard the rumors that Google is working on an operating system. We can only hope.

Google is an internet company, with lots of talented employees. I’m hoping that anything they come up with would be miles ahead of MS on the security front.

By: Reflections on RSA – Security is Really a Control and Data Management Problem « Currents from WaveLength Market Analytics

Fri, 05 Mar 2010 16:17:45 +0000

[...] there are individuals motivated by greed, power and personal gain (the riseand co-opting of the Zeus attacks, which originally targeted financial institutions, is just one example – to date it has [...]

By: ZBOT Variant Spoofs the NIC to Spam Other Government Agencies « Spyware Explained

Mon, 01 Mar 2010 03:56:26 +0000

[...] security journalist, Brian Krebs, in his blog confirmed that these messages were spoofed due to several obvious reasons, [...]

By: Craig Spiezle

Craig Spiezle — Mon, 22 Feb 2010 16:05:09 +0000

The Online Trust Alliance (OTA) has been raising the concerns about this exposure for nearly a year. Last April we posted a failing report card for failing to protect their domains from such spoofing. https://otalliance.org/news/releases/OTA_414reportcard.html. We are encouraged by the recent willingness to proceed with best practices now adopted by many leading businesses. In April we will be updating this report to include the top 50 .gov and .mil sites as well as offering the targeted sites training to help implement industry standards.

By: CyberBits 16 Feb 2010 | Cyber Loop

CyberBits 16 Feb 2010 | Cyber Loop — Sun, 21 Feb 2010 07:02:45 +0000

[...] Krebs on Security By Brian Krebs http://www.krebsonsecurity.com/2010/02/zeus-attack-spoofs-nsa-targets-gov-and-mil/ [...]

By: Phishing News of the Week – 19 February 2010 « Truedomain Blog

Phishing News of the Week – 19 February 2010 « Truedomain Blog — Sat, 20 Feb 2010 00:21:41 +0000

[...] eSecurity Planet | Identity Theft Cost Victims $54B in 2009 Better Business Bureau | Phishing Concerns Already on Google Buzz Krebs on Security | Zeus Attack Spoofs NSA, Targets .gov and .mil Domains [...]

By: Kneber BotNet / Zeus Trojan Strikes! | Complete Source

Kneber BotNet / Zeus Trojan Strikes! | Complete Source — Fri, 19 Feb 2010 05:33:55 +0000

[...] Multi-Vector. There seem to be several ways this attack was propagated, including via social networks, through spam email and even very convincing phishing emails, and by using social engineering hooks. [For more on the very elaborate spoofing effort aimed at the NSA and .gov / .mil sites, see Brian Krebs' post here.] [...]

By: Usan como señuelo una advertencia sobre ataque de ZeuS | ooo la la la la : ) HACKED ! by ! mOmiX ! Sory Security Team :(((

Wed, 17 Feb 2010 12:10:41 +0000

[...] criminales han hecho participar la columna que escribí la semana pasada sobre los ataques dirigidos del Troyano ZeuS hacia sistemas militares y gubernamentales: los artistas de la estafa ahora estan enviando spam que incluye los primeros párrafos de esta [...]