[nsp-sec] Question about the known capability of Storm...
White, Gerard
Gerard.White at aliant.ca
Mon Feb 4 03:26:56 EST 2008
I have not seen a directive from the Storm CnC to
grab creds... Since Storm does grab email addys
from the machine (depending on the value of the
victim) you may expect a spear phish down the road (to complete the cred grab task...)
GW
855 - Bell Aliant
-----Original Message-----
From: nsp-security-bounces at puck.nether.net <nsp-security-bounces at puck.nether.net>
To: nsp-security at puck.nether.net <nsp-security at puck.nether.net>
Sent: Mon Feb 04 01:25:19 2008
Subject: [nsp-sec] Question about the known capability of Storm...
----------- nsp-security Confidential --------
We have an incident investigation underway involving a laptop that
was infected with Storm. Lawyers involved in the investigation are
wondering whether there are any cases where Storm is known to have
been used to steal SSNs (or I suppose credit card numbers). I've
read that Storm infected computers have been used in phishing
attacks, but that's not what they're wondering about.
I realize that there's no practical way to demonstrate that this
hasn't been done in our case, but that's not the question that the
lawyers are asking.
If you know whether there are any variants of Storm that contain code
to search for SSNs or credit card numbers on the local system, or
whether you know of cases where someone "strongly" suspected that
Storm was being used to harvest SSNs or credit card numbers directly
from the infected system, could you drop me a line?
Thanks.
--- Steve
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.