funsec mailing list archives
Re: APT definition
From: rackow () mcs anl gov
Date: Mon, 11 Apr 2011 21:45:51 -0500
security curmudgeon made the following keystrokes:
> As is "persistent".. sending a couple PDFs to employees over a one day period got the foot in the door of RSA. That is not "persistent" as far as anything I have seen or done.
There are 2 ways this is persistent. 1st, they keep trying to get a foothold onto the victim's machine. Sending the PDF is just one attempt. How many infected web ads were stopped? How many "over quota" emails didn't succeed? Just because they indicated it was yet another hole in Adobe that allowed them to get on does not mean they didn't have 100's of other attempts.

Next, and more importantly, once they got that foothold they kept it. From the stories out there, once they got the user-level desktop they kept a good hold on that system as they searched around til they found machines or users with more and more access until they finally got the keys to the kingdom. I would hope that RSA is taking a serious look everywhere to see what bits may have been left behind and where. Nothing like finding another timebomb custom backdoor malware package set to go off in several months to make one realize what persistent really means.

The PDF wasn't infected with the ultimate in "Skynet" code that was smart enough to take over the world all by itself.

--Gene

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.