Chinese military tied to prolific hacking group targeting US aerospace industry


6 replies to this topic

#1 NickAu (Moderator, 13,250 posts, Location: 127.0.0.1 Australia)
Posted 10 June 2014 - 01:50 AM

> The group typically gains a foothold in sensitive networks by attaching booby-trapped documents to e-mails, according to a 62-page report published Monday by Crowdstrike, a firm that conducts forensic investigations on behalf of customers who have suffered security breaches. When employees click on the documents, the attackers are able to gain control over their PCs. The attackers then use the PCs to take control of servers housing blueprints, customer lists, or other sensitive data.

http://arstechnica.com/security/2014/06/chinese-military-tied-to-prolific-hacking-group-targeting-us-aerospace-industry/
 
This is a perfect example of why you should never click on attachments from unknown sources. If you ever get an email from an unknown or suspect source, JUST DELETE it. You can't rely on your antivirus to protect you; even emails from family and friends are suspect, especially the ones with those stupid joke attachments.
 
PC security starts and ends with you.
 
Nick

Edited by NickAu1, 10 June 2014 - 01:54 AM.





#2 palerider2 (Members, 133 posts)
Posted 10 June 2014 - 04:46 AM

My uneducated, but perhaps rational, response to this and other attacks using Office would be:

1. assume that Office will not be free of vulnerabilities for 'quite a few years'

2. MS - make a secure version that always runs inside a sandbox (built-in to Office)

3. Equip it with detection abilities, such as provided by buster sandbox analyser

4. Take action when 'buster' is suspicious e.g. abort Office

5. Always empty the sandbox when Office closes

 

How much easier is that than reactively fixing vulnerabilities as they arise?

 

It just seems to make more sense ???????????


Edited by palerider2, 10 June 2014 - 04:48 AM.


#3 scotty_ncc1701 (Members, 520 posts)
Posted 10 June 2014 - 08:31 AM

> This is a perfect example of why you should never click on attachments from unknown sources.

I never open, or download attachments on e-mails, nor does my wife, with one exception.

She has a home business, and she gets her "orders" via e-mail.  However, the attachment is a plain text, CSV file, which greatly reduces the chance of any issues.  She only gets her orders from one person; and she downloads the CSV, and it's automatically scanned by AVAST, then she scans it with multiple programs manually.

My wife and I have been back together 14+ years (we've known each other for 50+ years -- since first grade), and she follows my lead on computer security; and she hasn't been infected in 14+ years.  As I said above, she only gets her orders from one person, and all other e-mails that have attachments, she deletes, without question (she only uses the web mail interface).

She, just like me, warned all our contacts, that we don't accept e-mails with attachments, except for her getting her orders, which is basically a "plain text" file, which makes it basically impossible to put a virus in.  Yes, I know that files can be renamed to hide viruses, that is why there are multiple scans before the file is actually opened in Excel.

For me, the Mailwasher program I use is set to automatically delete any e-mails with attachments, on the server.  I had several friends send me e-mails with attachments, and ask me later if I got them.  I reminded them about my rules.  Their response was they thought I was joking, and I'd say, "Well, you thought wrong"!  They'd tell me that it was really important.  Once they were grilled, every time it was a joke, funny picture, etc.  In every case when I found out it was a joke, funny picture, etc, the account I assigned to them (see my next post) was deleted, and they could only talk to me via snail mail, or the phone.


Edited by scotty_ncc1701, 10 June 2014 - 08:32 AM.


#4 scotty_ncc1701 (Members, 520 posts)
Posted 10 June 2014 - 08:34 AM

This is a followup on my previous post.

 

I've had some people pick up the way I do my e-mail.  What I'm about ready to explain can be done with any e-mail provider that allows you to automatically forward e-mail.  However, in my case, I have my own domain for just e-mail.

What I do is, for each individual or group, assign them a separate e-mail address to use.  For example jack.o.(random_characters)@mydomain.com, samantha.c.(random_characters)@mydomain.com, etc.  I then forward these accounts to a "receive only" account like mro@mydomain.com.  I then place all the server side filters on mro@mydomain.com, and download all e-mails from mro@mydomain.com.  Most of my filters, except 6-12, are in Mailwasher.

Then if I get SPAM, which I haven't yet, on say the jack.o... account, I then delete it, and jack.o must keep in contact with me via snail mail, or the phone.  If for example, I'd get SPAM on the jack.o... account, then it is jack.o's fault, and I cancel his account, no questions asked, no excuses accepted.  The same applies, for example, if my e-mail (in this case jack.o...) is put in the TO or CC line, then the account is deleted.  My e-mail has been compromised.

There is one service, that I haven't used in years, that people might consider using.  The service is:

https://www.spamgourmet.com/

Basically here is how it works:

1.  Establish an account (call it for this post: coffee).

2.  Create some word like, "garden".

3.  Decide how many times it can be used, say 2 times.

4.  Then provide the addressee with the e-mail: garden.2.coffee@spamgourmet.com

5.  When garden.2.coffee@spamgourmet.com gets an e-mail, it will forward it to the e-mail on record with spamgourmet.com.

6.  What happens, after coffee@spamgourmet.com receives two e-mails, with the first word garden in it, all subsequent e-mails are bounced back.

7.  According to spamgourmet.com they will not forward e-mails with attachments.

 

To create another e-mail, just choose another word, the number of times it can be used, and provide that to the person.  So in the above example, just give say cucumber.3.coffee@spamgourmet.com, and it can be used 3 times.  You can at any time reset the number of times used manually, or cancel the e-mail, in this case cucumber.3.coffee@spamgourmet.com at any time.

 

Since I got my own domain for e-mails, I stopped using spamgourmet.com.  But it is one tool to help reduce unwanted e-mails.
 


Edited by scotty_ncc1701, 10 June 2014 - 08:37 AM.
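The spamgourmet scheme in the post above (steps 1-7) is a counting forwarder: the address itself carries the word, the use limit and the account, the service forwards until the limit is hit, bounces afterwards, never forwards attachments, and lets the owner reset or cancel a word. The following is an added illustration written for this thread, not code from spamgourmet.com or from the poster; it models only the behaviour the post lists, and the account-to-address mapping, the address regex and the `owner@example.invalid` address are constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Address shape as the post describes it: <word>.<uses>.<account>@spamgourmet.com
# (e.g. garden.2.coffee@spamgourmet.com). The service's real internals are not
# on the page; this regex is an assumption that matches the post's examples.
ADDRESS_RE = re.compile(
    r"^(?P<word>[a-z0-9]+)\.(?P<uses>\d+)\.(?P<account>[a-z0-9]+)@spamgourmet\.com$",
    re.IGNORECASE,
)


@dataclass
class DisposableForwarder:
    # account name -> real address on record (constructed for this example)
    on_record: dict
    # (account, word) -> [messages forwarded so far, limit locked at first use]
    counters: dict = field(default_factory=dict)
    cancelled: set = field(default_factory=set)
    delivered: list = field(default_factory=list)

    def handle(self, to_addr: str, has_attachment: bool = False) -> str:
        """Decide what happens to one message addressed to a disposable alias."""
        m = ADDRESS_RE.match(to_addr)
        if not m:
            return "rejected: not a disposable address"
        account, word = m["account"].lower(), m["word"].lower()
        if account not in self.on_record:
            return "rejected: unknown account"
        key = (account, word)
        if key in self.cancelled:
            return "bounced: address cancelled"
        if has_attachment:
            # step 7: attachments are never forwarded
            return "rejected: attachments are not forwarded"
        # The limit is locked in when the word is first seen, so a sender cannot
        # raise it later by mailing garden.99.coffee@... instead of garden.2.coffee@...
        used, limit = self.counters.setdefault(key, [0, int(m["uses"])])
        if used >= limit:
            return "bounced: address exhausted"
        self.counters[key][0] = used + 1
        self.delivered.append((to_addr, self.on_record[account]))
        return f"forwarded to {self.on_record[account]} ({used + 1}/{limit})"

    def reset(self, account: str, word: str) -> None:
        """Manually reset the use counter, which the post says the owner can do."""
        key = (account.lower(), word.lower())
        if key in self.counters:
            self.counters[key][0] = 0

    def cancel(self, account: str, word: str) -> None:
        """Cancel a word outright; later mail to it bounces."""
        self.cancelled.add((account.lower(), word.lower()))


def demo() -> list:
    """Walk through the thread's garden.2 / cucumber.3 example and return each outcome."""
    fwd = DisposableForwarder({"coffee": "owner@example.invalid"})
    garden = "garden.2.coffee@spamgourmet.com"
    cucumber = "cucumber.3.coffee@spamgourmet.com"
    results = [
        fwd.handle(garden),                              # forwarded (1/2)
        fwd.handle(garden),                              # forwarded (2/2)
        fwd.handle(garden),                              # bounced: exhausted
        fwd.handle("garden.99.coffee@spamgourmet.com"),  # still bounced: limit locked at 2
        fwd.handle(garden, has_attachment=True),         # attachments refused
        fwd.handle(cucumber),                            # forwarded (1/3)
    ]
    fwd.reset("coffee", "garden")
    results.append(fwd.handle(garden))                   # forwarded (1/2) again after reset
    fwd.cancel("coffee", "cucumber")
    results.append(fwd.handle(cucumber))                 # bounced: cancelled
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The one design point worth noticing is that the limit is recorded the first time a word is seen rather than re-read from each incoming address; otherwise anyone who learned the address could extend their own quota by changing the number in the middle.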


#5 quietman7 (Global Moderator, 51,475 posts, Location: Virginia, USA)
Posted 10 June 2014 - 09:59 AM

Email & Attachments: Resources for How to Protect Yourself:

Email & Attachments: How to Protect Yourself Tips from Microsoft:

TIP: Block execution of any file that ends with .pdf.exe...as this is often the format used in many malicious email attachments.

 



#6 scotty_ncc1701 (Members, 520 posts)
Posted 10 June 2014 - 11:53 AM

Here are a few things to consider:

1. NO ONE HAS THE RIGHT TO E-MAIL ANOTHER. If the addressee says not to send jokes, etc, and the sender is blocked in one way or another, it's the sender's fault, not the addressee's.

2. Since I own my own domain for e-mails, the e-mail addresses are MY PROPERTY; I'm the one who dictates who can use it. If the sender doesn't like it, tough.

3. If the sender doesn't like the addressee's rules, then don't e-mail the addressee. The sender has no leg to stand on. If the sender is placed on a list like spamhaus, then it's the sender's fault.

4. I used to give people a single "do-over" (delete one e-mail and give them a new one to use), in case it was an honest mistake. Now, there are no "do-overs", NO MATTER WHAT.

5. One way to avoid issues, is not to accept e-mails with attachments. Delete them before they get to your computer.

6. Read all e-mails as plain text.

7. Use the e-mail forwarding like I described previously. If jack.o... (for example) violates my rules, I delete the e-mail and all his stuff is bounced back.

8. Alternative to #7, use a service like spamgourmet, previously mentioned.

9. Have alternate, temporary e-mail accounts. For instance, when I ordered my restore CD/DVDs, I created an e-mail account for the order on my domain. Once I got the CD/DVDs, I deleted the e-mail account. So if the PC Manufacturer sends me surveys, etc, they're bounced back, indicating the e-mail isn't valid. This eliminates SPAM from the PC Manufacturer.

10. I use Mailwasher to see what's on my server, before I download them. The filters eliminate any problem e-mails before they get to my computer. Say for instance, multiple people here indicate they've had problems with e-mail whatever@somedomain.com. I MAY place whatever@somedomain.com in the blacklist.

11. As of about a week or so ago, I was able to find 500+ known TLDs (Top Level Domains -- e.g. *.com, *.ru, *.gov, etc). All of these 500+ TLDs are in my blacklist, with only 6 not being blocked. But, my filters and other blacklist entries take care of known problems within these 6 TLDs.

12. I'm currently writing a program that will replace Mailwasher. Everything is going well. I've taken a little break, for a few days and will be getting back to it. It will be 100% freeware, and not be crippleware, etc. The initial released version ("Beta 1") will only handle one account (that's the current plan), ("Beta 2") or ("Beta 3") will handle multiple accounts... at least that's the current plan.

13. As I've said before, I take an aggressive approach to protecting our PCs, and the above is just scratching the surface.
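Three of the rules in this thread are mechanical enough to run as a server-side filter before anything is downloaded: quietman7's tip in #5 (treat a `.pdf.exe`-style double extension as malicious), scotty_ncc1701's rule in #3 (no attachments at all, except plain CSV from one known sender) and the TLD allowlist in #6. The following is an added example written for this thread, not Mailwasher's code or the poster's own program; the executable-extension set, the six allowlisted TLDs, the trusted sender `orders@example.com` and the sample messages are all constructed assumptions for the demonstration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Final extensions that Windows runs as programs. A "benign" extension in front of
# one of these (invoice.pdf.exe) is the pattern the tip in post #5 warns about.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}

# Constructed policy values standing in for the posters' own filter lists:
# the handful of TLDs left unblocked, and the one sender allowed to send
# attachments (plain CSV only, as in post #3).
ALLOWED_TLDS = {"com", "org", "net", "edu", "gov", "au"}
TRUSTED_ATTACHMENT_SENDERS = {"orders@example.com": {"csv"}}


def build_message(sender, subject, body, attachment=None):
    """Construct a sample RFC 5322 message as bytes (test data, not real mail)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "mro@mydomain.example", subject
    msg.set_content(body)
    if attachment is not None:
        name, data = attachment
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()


def is_double_extension(name):
    """True for names like invoice.pdf.exe: an executable suffix hidden behind another."""
    parts = name.lower().rsplit(".", 2)   # "invoice.pdf.exe" -> ["invoice", "pdf", "exe"]
    return len(parts) == 3 and parts[2] in EXECUTABLE_EXTS and parts[1] not in EXECUTABLE_EXTS


def classify(raw):
    """Return ("keep" | "delete", reasons) for one raw message, decided on the server."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    tld = sender.rpartition("@")[2].rpartition(".")[2]
    names = [p.get_filename() for p in msg.iter_attachments() if p.get_filename()]
    allowed_exts = TRUSTED_ATTACHMENT_SENDERS.get(sender, set())
    reasons = []
    for n in names:
        if is_double_extension(n):
            reasons.append(f"double-extension attachment: {n}")
        elif n.lower().rpartition(".")[2] not in allowed_exts:
            # default rule from post #3: no attachments unless this sender is trusted for this type
            reasons.append(f"attachment not accepted from {sender}: {n}")
    if tld not in ALLOWED_TLDS:
        reasons.append(f"sender TLD .{tld} not allowlisted")
    return ("delete" if reasons else "keep", reasons)


def demo():
    """Classify four constructed messages and return the verdict for each."""
    samples = {
        "plain": build_message("Jack <jack@example.com>", "hi", "Lunch Friday?"),
        "joke": build_message("Jack <jack@example.com>", "lol", "look at this",
                              ("joke.jpg", b"\xff\xd8fake-jpeg")),
        "lure": build_message("billing@example.ru", "Invoice", "see attached",
                              ("invoice.pdf.exe", b"MZfake-executable")),
        "order": build_message("orders@example.com", "Order 17", "attached",
                               ("order17.csv", b"sku,qty\nA1,2\n")),
    }
    return {name: classify(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, (verdict, reasons) in demo().items():
        print(f"{name}: {verdict} {reasons}")
```

Note that the double-extension check fires before the trusted-sender exception, so even `orders@example.com` cannot deliver `order17.csv.exe`; the per-sender allowance is by file type, and a renamed executable does not pass as CSV.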

#7 quietman7 (Global Moderator, 51,475 posts, Location: Virginia, USA)
Posted 10 June 2014 - 03:35 PM

> ...As I've said before, I take an aggressive approach to protecting our PCs, and the above is just scratching the surface.

:thumbup2: