Disclosing too much...

F-Secure's blog today has an entry entitled "Advanced tools to handle stolen information". That blog entry deals with an information-stealing trojan which sends all collected data to a central drop site. They also have some screenshots, and this is where things get messy: using the information from the screenshot, it is trivial to find information about other victims. Within a couple of minutes I could find personal data of about 100 other victims. This information includes, among others, the following entries:
  • system info: user, processor, operating system, memory, IP address, disk information, folders, process list, installed programs, ...
  • ICQ 2003a & Lite passwords
  • dialup passwords
  • passwords from Windows protected storage
  • Wand & email Opera passwords

Perhaps it is better to handle such information more carefully and not publish too much. FX wrote about this topic some time ago in the Sabre Lablog: "Irresponsible Disclosure"

Comments

  1. pheh says:

    Well, speaking as someone who discovered that site before F-Secure posted their write-up ... I agree.

    There was absolutely no need for them to define site-specific details when giving readers a walk-through of the 'hows and whats'.

    If it weren't for the fact that the vast majority of infected computers at that particular LDPinch dump are located in Russia - I would expect more outrage. But as it stands I have no doubt they will take no real legal or reputation hit.

    pheh
    http://www.shadowserver.org

