put out a hit contract on the authors and operators of this crap, with orders to chop their fingers off.
Received surprise new Redmond licenses? You might be pwned
Black hats are flinging supposedly free licenses at enterprises in a bid to get malware on corporate networks, security bod Martin Nystrom says. They wrote malware that was slightly neurotic in its bid to evade detection and would make use of the Tor network to receive stolen data. The Cisco threat defence man said realistic …
COMMENTS
-
-
Tuesday 10th February 2015 09:46 GMT Anonymous Coward
put out a hit contract on the authors and operators of this crap, with orders to chop their fingers off.
Really? It would be more interesting to find a way to sue the authors of code with such blatant weaknesses that it's still a risk to put a newly installed box anywhere near the Internet without a lot of extra protection. I had some hope that the Vista debacle would wake people up to the problem with a monoculture but no - good marketing and politics will always prevail over common sense.
Licensing failures were one of the most overlooked business risks until FAST started to make a quick buck with it, so I can understand the nervousness - it's a perfect social engineering vector because it's so complex you'd think it was almost designed to be opaque so you have the fear for liability as a nice tool to play with. Add to this the fact that Windows is not exactly secure by design and it's actually a miracle this did not happen earlier.
Having said that, you need to understand the corporate world for this one - I'd look for a minion of a large organisation as perpetrator.
-
-
Tuesday 10th February 2015 08:26 GMT adnim
Plain text
email.
I presume all emails are phishing emails.
I can understand the average user falling for a phishing scam, especially when emails are written in HTML and displayed as web page.
I don't understand how an IT professional can fall for a such a trick. (Note the word professional).
-
-
Tuesday 10th February 2015 09:33 GMT Marc 13
Re: IT professional
"I don't understand how an IT professional can fall for a such a trick. (Note the word professional)."
Because there's a lot of IT run by the guy (or gal) in the office who "knows about computers". They then get another job "in IT" because they "ran" the last company's IT.
He/she is now an IT Professional. Q.E.D.
-
Tuesday 10th February 2015 09:56 GMT fearnothing
Re: IT professional
As an IT security professional, I can attest to this.
Seriously though. Don't trust the list of domains that Cisco's blog indicates are being used - I'm pretty sure it's incomplete.
-