About Me

Francois Paget
Senior Threat Researcher


Cyber Jihad – I’ll say good and quiet November 11 to you

Wednesday, November 7, 2007 at 11:52am by Francois Paget

Rumors circulate periodically about an approaching cyber jihad against Western websites. In October 2001, hackers in Pakistan declared such a battle against the US and Britain, and as early as 1995 a strategic exercise simulated an information attack on the US and its allies (Time Magazine, August 21, 1995, Volume 146, No. 8).

More recently, the controversial alerts of August 2004 and November 2006 caused us to handle such information with an enormous amount of caution. That is why, until recently, we did not relay the latest information from an Israeli intelligence magazine reporting that such an attack was announced for November 11, 2007.

However, yesterday we received a sample of a program that some have connected with this attack, and as many comments circulate today on the Web, I decided to blog on this matter.

The program is pompously named “the electronic program of Jihad” and is given as version 3.00. Its icon matches the one DEBKAfile presented in its November 7 article: the symbol of al Qaeda’s Cyber Warriors.
http://www.debka.com/headline.php?hid=4723

Once installed, the program asks for a username/password to join the attack network and attempts to connect to a cyber jihadist coordinating web site. Today this site is unreachable.

Another window seems related to some bonus program: you can win 24 points by referring a newcomer.

For now, the pilot website is down and I was unable to continue the analysis, but the following screenshot is available on the Anthropologist blog.

Like previous versions, the program seems able to initiate only basic DDoS attacks and, as The Register writes, some are skeptical of this attack.

Attacks against websites happen every day for criminal, political, and/or hacktivist reasons and this one, if it occurs, will be added to that long list.

I wrote this blog entry to demonstrate that at least one terrorist ring is interested in malware. But it seems to me that, for now, they have not reached the technical level of some criminal groups. In this case, no fast-flux network was involved, no complex Command & Control protocol was used, and no worldwide botnet was created. They are years behind! Shutting down the distribution website stopped the attack before it started.

That is why I’ll say good and quiet November 11 to you.


Comments (5)

  • Gerald Anthro June 21, 2008 9:05AM

    It is easy to say they were no threat, when someone else has tracked, infiltrated and shut them down 2 days before the attack.
    And publicly burned their head Hacker.
    G

  • Howie November 12, 2007 2:38PM

    Ramsey: I’m pretty sure it’s what they say it is. The 2.0 software was distributed on an Islamist al-Qaeda support site in Texas that was shut down earlier this year.

  • Brian Honan November 8, 2007 6:38AM

    Update 8th November 2007

    The Register is reporting that a new version of the “Electronic Program of Jihad” has been discovered. This new version has been dubbed version 3.0. It is speculated that this program is the version that will be used during the above reported threat of attack on November 11th. McAfee provide more details on their Avert Labs Blog.

  • Ramsey November 7, 2007 1:07PM

    “I wrote this blog entry to demonstrate that at least one terrorist ring is interested in malware.”

    Actually, you haven’t had any means to identify the source of this malware, or have you? So, it’s a bit unprofessional from your side to attribute it to any group, especially that the source of the news (an Israeli website) is clearly in dispute with those people.

  • Matthew Wollenweber November 7, 2007 12:19PM

    So it’s like volunteering for a botnet. Interesting approach. I just wonder if it’s really related to any Islamic Jihadist organizations or if it’s just a social engineering attack to grow the network.

    Any further details on the connectivity back to the login server? Any details from the binary on how it was built that would indicate whether it was created from a setup totally on an Islamic system or whether it’s only meant to look Islamic?