Poison Ivy and the “Nitro” Attacks
Poison Ivy is the name given to a family of malicious remote administration Trojans first developed in 2005 and still being utilized for cyber attacks today. As a type of remote administration software, once a computer becomes infected the attacker has complete control of the computer. The most recently documented large-scale utilization of the software was during the “Nitro” attacks from July 2011 through September 2011 that targeted both chemical and defense companies for the purpose of industrial espionage (Fisher). The information security firm McAfee stated that five multinational natural gas and oil companies were successfully targeted by the Poison Ivy malware, as well as 29 other companies identified by Symantec (Finkle). These organizations lost proprietary information to the attackers, including confidential bidding plans (for the energy companies) and details on manufacturing processes and formulas (for several chemical companies).
The malware propagated mainly through the use of email attachments. The attackers utilized social engineering by posing as legitimate business partners or touting security updates. Once the employees opened the email’s attachment their computer would be infected. After a computer became infected, the attacker had the ability to perform a wide range of actions. Poison Ivy utilizes a client/server architecture that turns the infected machines into “servers” that the attackers can access from anywhere there is an Internet connection (Prince). Investigations by Symantec and law enforcement identified that the attacker’s actions were different in each case. In addition to having the ability to browse, copy, and upload documents from an infected computer the att...
... middle of paper ...
...users-rash-110311
Finkle http://www.reuters.com/article/2011/10/31/us-cyberattack-chemicals-idUSTRE79U4K920111031
http://www.f-secure.com/v-descs/backdoor_w32_poisonivy.shtml
Prince http://www.securityweek.com/poison-ivy-kit-enables-easy-malware-customization-attackers
Roberts http://threatpost.com/en_us/blogs/report-hacks-china-shuttered-uk-firm-cost-economy-43-billion-102511
Myers http://www.cyberesi.com/2011/10/11/poison-ivy/
http://www.kaspersky.com/about/news/virus/2010/Kaspersky_Lab_provides_its_insights_on_Stuxnet_worm
Maclean
http://www.reuters.com/article/2010/09/24/security-cyber-iran-idUSLDE68N1OI20100924
Aleksandr Matrosov, Senior Virus Researcher
Eugene Rodionov, Rootkit Analyst
David Harley, Senior Research Fellow
Juraj Malcho, Head of Virus Laboratory
http://go.eset.com/us/resources/white-papers/Stuxnet_Under_the_Microscope.pdf
Poisoning was a big problem in the 1920s of America. “The Poisoner's Handbook” tells a fascinating tale about the early men of toxicology, Charles Norris and Alexander Gettler, in criminal investigations and public health. Produced and directed by Rob Rapley, the film, "The Poisoner's Handbook," shows many poisoning stories together which tells a mix of mysterious and heartbreaking deaths. This is evident that humans will use accessible items, including everyday household products, to kill each other. The film integrates the birth of forensic science with the rise of big businesses and local politics. Many murderers roamed free until enough political will was assembled to implement a new medical examiner system in the 1920s.
The 2001 anthrax attacks was one of the worst bio-weapon attacks on the US in history. The attacks where done through the mail. The anthrax was placed in envelopes with a letter and mailed from various locations to different people and organizations. The anthrax filled letters ended up killing 5 people, causing 17 to become sick and exposing anthrax it is believed to as many as 30,000 people. During the mail process spores of anthrax from the letters escaped and got on mailroom equipment exposing postal employees. If a person was exposed to enough anthrax and developed symptoms they typically died in a few days. Postal workers during the attacks where told that anthrax will appear as a white powder t...
All information obtained about an IP address from where authorities suspected the worm had came from led them to obtain a search warrant on a individual on August 19, 2003. On that day, FBI and USSS Special Agents seized seven computers throughout the household. The individual in question, Jeffrey Lee Parson, admitted to agents that he modified the Blaster worm and creating a variety of them including one named, W32/Lovesan.worm.b. Within the worm he placed code that would direct computers to his personal website, www.t33kid.com, so he could maintain a list of compromised computers.
Ricin is a lethal toxic agent that can be found in the seeds of castor bean plant. According to CDC at http://www.bt.cdc.gov/agent/ricin/facts.asp, ricin is created from castor bean waste after it had been processed and castor oil is made. The agent is illegal and is not available in the United States, but is available in the international countries. The agent itself is known to be expensive within the international market, but the castor bean plant can be found anywhere. The agent can be used as a biological or chemical weapon of mass destruction. During the World War II, the agent was identified as W agent by Croddy and Wirzt (2005). Ricin is deadly and can enter into the body in many ways. Croddy and Wirtz (2005) stated that ricin can enter the body through injection, inhalation, or indigestion. Ricin comes in the form of liquid, powder, or pellets. The agent is tasteless, odorless, and can be hardly detected at times depending on the nature of the agent. It can be spread widely and easily through food or water contamination if a large amount got in the hands of the enemies or terrorist. Ricin is not a contagious agent, but can be spread through the population if it’s in the food, drink, or on the clothing and person touches it. Symptoms of the agent when exposed are abdominal pain, vomiting, diarrhea (sometimes bloody, dehydration, decrease in urine, decrease in blood pressure and may cause death within 3-5 days. Currently, there is no treatment for the agent. It can also be produced as bombs or any other explosive device. How it is delivered maybe depending on the enemies. Ricin may be deadly, but according to the http://www.bt.cdc.gov/agent/ricin/facts.asp (2013), has been used as therapy for cancer. T...
Mandiant is an information security company which deals with the advanced threat detections and response solutions. It has investigated various computer security breaches, the major security breaches are attributed to advanced threat actors referred to as the “Advanced Persistent Threat” (APT). APT1 is one of the most prolific cyber espionage groups in China, it has stolen the large amount of confidential data from 141 organizations all over the world. This report was released on 18 February 2013, provided evidences of APT1 group identity, time line and details of attack infrastructure, economic espionage, commands, and its modus operandi.
In 1843, lantana, a noxious weed from Central America, made its way to Australia as an ornamental shrub. Lantana rapidly infested approximately 4 million hectares. Recently new bio control ideas have come to light, such as using Eriophyoidea, which is a mite. Many mite species are virulent parasites. Seven species of Eriophyoidea are known to associate with the lantana, such as Calacarus lantanae Boczek and Chandrapatya, Diptilomiopus camarae Mohanasundaram, Eriophyes lantanae, Paraphytoptus magdalenae Craemer, Phyllocoptes lantanae Abou-Awad and El-Banhawy, Rhynacus kraussi Keifer, and Shevtchenkella stefneseri Craemer. There are many other types of mites that have been known to attack different linages of lantana. If mites were released into
Multi-platform computer worms are a tool that computer hackers use to infect computers to gain control access. Computer worms are a dangerous virus because they are self-replicating, meaning that they multiply themselves and spread onto other computer networks seeking a lapse in internet security. Computer worms do not need to attach themselves onto an existing computer program to gain access to the victim computer files. The computer worm was created on accident by a Cornell student named Robert Morris; he was seeking a way of managing the internet in 1988. “Morris had no malicious intent, but a bug in his program caused many of the computers the worm landed on to crash. … but worms had come of age and have since evolved into an effective way of attacking systems connected to the internet” (Barwise). Today, hackers use the Morris worm to infect computers. “Five men believed to be responsible for spreading a notorious computer worm on Facebook and other social networks — and pocketing several million dollars from online schemes — are hiding in plain sight in St. Petersburg, Russia …” (Richmond). Since the good intended creation of the worm it has only been used maliciously as a computer virus by money seeking computer hackers such as the Koobface gang in Russia.
When it comes to herbicides the most conversational topic is the effects of the herbicide on human health. The American Cancer Society has glyphosate as a member of their Probable Carcinogen (meaning it could be cancerous) list, where the statement was last medical review in 2014, and was last revisited in 2016 but not medically tested (American Cancer Society, 2016). This is the proof that backs up the statement the Ecology Action Centre (2016), an organization located in Halifax, Nova Scotia, whose goals are to build a sustainable future, used as a main point to advocate against the use of glyphosate in Nova Scotia’s Forests. A study done in Changwon, South Korea by Dr. Young Kim (2014), shows that glyphosate is nothing to fear, as his patients
Having first appeared in Russia in 2005, referred as Winlock, that successfully scammed over £10m from unsuspecting victims before the Russian authorities arrested 10 individuals for involvement in such hackings in 2010, however it hasn’t stop the growing number of the problem. With such profitable money to obtain, perpetrators have discovered new ways to spread the malware and to cash-in at the expense of victims.
Used by hackers for espionage purposes, it infected other systems over a local network (LAN) or USB stick including over 1,000 machines from private individuals, educational institutions, and government organizations. It also recorded audio, including Skype conversation, keyboard activity, screenshots, and network traffic. It was discovered on May 28, 2012 by the MAHER Center of Iranian National Computer Emergency Response Team (CERT), the CrySys Lab and Kaspersky Lab.
Impact: An official with the security company Postini claimed that the firm detected more than 200 million e-mails carrying links to the Storm Worm during an attack that spanned several days
The methods developed for an APT don’t always end with one attack. These techniques are often copied and applied by other perpetrators against other targets, including organizations of all sizes. Eventually, these techniques may be commoditized and turned into malware kits that are readily available to common hackers for a nominal cost (Rivner, 2011).
In this globalized arena, with the proliferating computer users as well as computer networks, risks associated like Malware attacks are also multiplying. As the proverb
A cyber crime called 'Bot Networks', wherein spamsters and other perpetrators of cyber crimes remotely take control of computers without the users realizing it, is increasing at an alarming rate. Computers get linked to Bot Networks when users unknowingly download malicious codes such as Trojan horse sent as e-mail attachments. Such affected computers, known as zombies, can work together whenever the malicious code within them get activated, and those who are behind the Bot Networks attacks get the computing powers of thousands of systems at their disposal.
Malware can survive in a number of ways say different sizes, shapes and also the purpose ranging from viruses to spyware and to bots. Malware in general is classified into two types. They are the concealing malware and infectious malware. In case of infectious malware, the malware code is said to spread all over which means that the software code shall replicate from one user to another and this goes on. In infectious malware, we need to consider two cases, which are called the viruses and the worms. Viruses are termed as the software that has executables within itself and causes the executables to spread when it is run. The second case called worms is a software which infects a computer and then spreads to others.