Friday, April 03, 2009

'Tenuous' Trail Leads From GhostNet to Hacker

Rob Lemos writes on SecurityFocus:

A telltale e-mail address in the GhostNet report led two researchers to the online home of a seemingly low-level Chinese hacker, according to an analysis posted on Thursday, but an author of the original report stressed that the cyber criminal is likely only related to a lesser piece of malware.

The latest analysis follows the online trail from an e-mail address turned up by researchers as part of their investigation into GhostNet, a cyber espionage network that spanned 1,295 compromised systems including computers belonging to embassies and dissident groups. The e-mail address led to a twenty-something Chinese hacker born in Chengdu City in the Chinese province of Sichuan, according to a blog post by Scott Henderson, a blogger who follows the Chinese hacking community.

However, the e-mail address was found only on two of the computers analyzed for the investigation, said Nart Villeneuve, a researcher at the CitizenLab and one of the authors of the GhostNet report. Both computers had been infected with a second piece of malware, separate from the gh0st remote access tool (gh0stRAT) that formed the backbone of the surveillance network, he said.

"That is a valid piece of malware but it is not the one related to the malware that connected to the admin interface for the gh0stRAT," Villeneuve said.

More here.

