Slashdot Mirror


US Government Employees Targetted By New 'GovRAT' Malware (computerworld.com)

Security researchers have detected an upgrade to the GoVRAT malware, which targets government employees and bypasses antivirus tools using stolen digital certificates. An anonymous reader quotes Computerworld: Through GovRAT, hackers can potentially steal files from a victim's computer, remotely execute commands, or upload other malware to the system... The malware features an additional function to secretly monitor network traffic over the victim's computer -- something with scary consequences. "If you're downloading something from a particular resource, the hackers can intercept the download and replace it with malware," said InfoArmor CIO Andrew Komarov on Friday.

Last year, InfoArmor said that earlier versions of GovRAT had attacked more than 15 governments around the world, in addition to seven financial institutions and over 100 corporations.
The security researchers say GovRAT comes with "a stolen database of 33,000 Internet accounts, some of which belong to U.S. government employees," including names, email addresses and hashed passwords.

30 comments

  1. Congress? by Anonymous Coward · · Score: 0

    US government... malware... for a minute I thought they were talking about Congress. That's about as malware as it gets.

  2. Karma... by Anonymous Coward · · Score: 1

    Karma is a bitch, eh....

  3. Re:Bad priorities by Anonymous Coward · · Score: 2, Interesting

    Yeah, thank Snowden for that.

    Clinton is a part of the problem though, not part of the solution.

  4. Re:Bad priorities by Anonymous Coward · · Score: 1

    'Yep, hang him up high. Fuck that traitorous shithead.'

    This comment says more about the writer than about Snowden.

  5. Re: Bad priorities by Anonymous Coward · · Score: 0

    He didn't flee to Russia, the US revoked his passport before he could fly out.

    At least get your own bullshit straight.

  6. Re: Bad priorities by Anonymous Coward · · Score: 0

    He wasn't traveling on his passport, he was traveling on temporary travel documents issued by the Ecuador government.

    So you're full of shit.

  7. Targetted by Anonymous Coward · · Score: 1

    Good job mods.

  8. Re: Bad priorities by Anonymous Coward · · Score: 2, Informative

    Wrong, faggot. The U.S. government revoked his passport, so he cannot leave.

    Much easier to turn him into a RUSSIAN BOOGIEMAN when you make him stranded there, isn't it?

    https://www.rt.com/usa/162144-...

  9. Re:Let Me Guess by Anonymous Coward · · Score: 0

    hear hear..

    I had to go nosing around for that tidbit.

  10. Re:Exterminate the manlets! by K.+S.+Kyosuke · · Score: 2

    That sounds like a suspiciously specific cause for a Dalek.

    --
    Ezekiel 23:20

  11. Sure would be nice if we had a TLA to protect us by Snotnose · · Score: 3, Insightful

    Oh, wait, we do. The NSA. Their job should be to find these vulnerabilities, notify the vendor, and help keep us all safe. Too bad our current USA government is so corrupt simple things like this simply don't happen.

  12. NSA = National Security Agency ... FOR THE ESTABLI by Anonymous Coward · · Score: 0

    Oh, wait, we do. The NSA. Their job should be to find these vulnerabilities, notify the vendor, and help keep us all safe. Too bad our current USA government is so corrupt simple things like this simply don't happen.

    NSA = National Security Agency ... FOR THE ESTABLISHMENT, NOT THE PEOPLE.

    Collateral damage is OK in this government branch if it means the establishment can gain even the slightest edge in screwing over anyone they don't like.

  13. Re:Sure would be nice if we had a TLA to protect u by BoRegardless · · Score: 2

    Because the NSA wants to use GovRAT themselves!

  14. Re:Sure would be nice if we had a TLA to protect u by AHuxley · · Score: 1

    The NSA, GCHQ, CIA want to see who is looking for what on wide open, junk private sector contractor supported US gov networks.
    The huge hope is that someone interesting will look for a project or name on a gov network and expose the real origins of such hidden information.
    What really happened is the plain text US networks are left so wide open that anyone can log in and look around, save all data found in bulk, plain text or test malware on a huge scale. Why risk a live search and real time detection, just save it all.
    For a honey pot to work the lid has to be kept off.
    That exposed entire US gov sectors and all their contractors to some risk.
    Other agencies see that gov bait as a wonderful tracking tool while fully protecting their own networks.
    The other aspect is budgets, for US gov cyber budgets to grow, issues like this have to make it to the press and be fully reported on.
    More cash for private sector contractors to track and fix the issues any US gov worker could as part of their job.
    Spies and the private sector are enjoying the work load, over time, profits and results. All other US gov workers are just left to float around on open junk networks.
    So the NSA is looking at everything, just not looking to protect anything.

    --
    Domestic spying is now "Benign Information Gathering"

  15. Re: Bad priorities by Anonymous Coward · · Score: 0

    Oh, please! It's Putin's. With an apostrophe.

  16. Re: Bad priorities by AutodidactLabrat · · Score: 1

    Wrong.
    That's Trump doing the tube-steak boogie

  17. GoVRAT malware only targets Microsoft Windows .. by khz6955 · · Score: 2

    "GoVRAT malware, which targets government employees"

    Slashdot is getting as bad as the rest of the technical press. As in choking on the words Microsoft Windows in relation to malware. If the NSA hadn't expended so much effort in diluting security on Microsoft Windows then we wouldn't be in this mess.

  18. it is an opportunity, not a threat by Anonymous Coward · · Score: 0

    This software should be mandatory on every government computer, with a slight modification that all info is made publicly available.
    Should be no problem, I am sure they have nothing to hide.

  19. Re:Sure would be nice if we had a TLA to protect u by Anonymous Coward · · Score: 0

    The ability to use stolen certificates to bypass intrusion detection and anti-virus is troublesome. Do they really bypass all checks on signed binaries? It is another instance of the key-management problem all over again.

  20. Setup? by Anonymous Coward · · Score: 0

    So if it can extract, can it also insert? Say porn, or child porn? Nice way to knock out opponents looking to rein in the security apparatchik of United States.
    And who of the five eyes uses this? Is Mossad included on the CC (or BCC)?