Malware hosted on Mid-west ISP
Posted by: Timothy Weaver on 08/07/2013 03:43 PM
Security researchers have uncovered what appears to be a malware-based attack targeting Indian military or government entities and designed to steal information.
The malware linked to the attack "contains specific artifacts that [link it] to a commercial Pakistani entity," according to security intelligence firm ThreatConnect.
The malware samples were discovered on the systems of a small US Midwest ISP.
On the same subnet in Kansas City, Missouri, researchers found a .zip file full of malware under the guise of a decoy document detailing alleged Pakistani incompetence in locating Osama Bin Laden.
"There are several different self-extracting archive samples (likely targeting campaigns) which used two different decoy methods. One of the decoy methods used PDFs, the second decoy method was Flash videos," said Rich Barger, director of the ThreatConnect Intelligence Research Team (TCIRT).
"In all instances the malware was shrouded within India/Pakistan-themed content and was hosted with a small subnet that doubled as a command-and-control point."