UK Critical Structures Targeted by Trojan Attacks
ElGanzoLoco writes "The UK's National Infrastructure Security Coordination Centre is reporting that key British infrastructures (government, telecom, transports, banks among others) are under attack by specific, targeted e-mail trojans. According to their report (PDF), 'the emails use social engineering to appear credible, with subject lines often referring to news articles that would be of interest to the recipient. In fact they are "spoofed", making them appear to originate from trusted contacts, news agencies or Government departments.' The attackers are apparently trying to gather sensitive or secret data. While the NISCC has not been able to precisely trace the attacks' origins, most IPs seem to trace back to Far-East Asia."
Like most spam seems to originate in China, but in reality it's American spam gangs sending spam via China.
I am sure this is no different.
According to UK Government operational and configuration guidelines for classified systems (primarily JSP440), any system containing CONFIDENTIAL or data with high protective marking just won't be connected to the internet so therefore won't get the mails and therefore won't be able to leak to the internet?
So how the hell would these PCs leak SECRET data at all?
"Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."
Seems to be a lot coming from one IP address.
....
----------------------
"Rejected mail, The original message was received at Fri, 17 Jun 2005 08:05:12 +0800 from uniontrib.com [121.206.16.100]."
Actually it's a trojan (a.COM) in a zip file.
Comes from 222.136.55.64 = China
-----------------------
"RETURNED MAIL: SEE TRANSCRIPT FOR DETAILS"
Another from 222.136.55.64
I think they're just paranoid, we have nothing to do with security or government, yet we get these trojans all the time too.
The SANS community broke this news yesterday on the DShield listserv... Check out Incidents.org for the current news concerning it, as well as the ongoing investigation.