'Iranian Cyber Army' cons security researchers and fellow crooks

By Dan Kaplan on Nov 5, 2010 1:17PM

Fake data?

The Last Line of Defense (TLLOD) is questioning the number of computers under the control of the 'Iranian Cyber Army', and believes that the botnet purveyors are actually hosting a fictitious administrator console designed as a honeypot to trip up white-hat researchers and attackers trying to learn about the group's operations.

Last week, researchers at cyberthreat management start-up Seculert claimed that the gang previously best known for defacements against Twitter and Baidu had shifted its operations to infecting machines with malware to amass a botnet.

Citing information from the group's crime server statistics page, researchers estimated that the botnet consisted of at least 400,000, but perhaps as many as 20 million, compromised machines.

But based on reconnaissance into a recent spam run that pushes Zeus-laden emails claiming to come from the U.S. Electronic Federal Tax Payment System (EFTPS), the cyber gang's exploit toolkit actually contains a control interface supplying bogus data, Thorsten Holz, a senior threat analyst at TLLOD, told SCMagazineUS.com in an email.

The goal of the interface, in fact, is not to provide valid data but to gain insight into the competition, TLLOD researcher Brett Stone-Gross said in a blog post.

"Note that it's common for most exploit toolkits to contain an admin interface that manages exploits, payloads, and tracks exploit success rates,"  he wrote. "However, the EFTPS exploit toolkit contains a completely fake admin console. This admin interface acts as a 'hacker honeypot' that records detailed information about who attempted to access the admin console, as well as who attempted to hack into it."

Aviv Raff, co-founder and CTO of Seculert, said that if TLLOD is right, he and his team might have fallen for the trick.

"According to the information they [TLLOD] present, the numbers in the statistics page [do] seem to be fake," Raff told SCMagazineUS.com via instant messenger. "If this is indeed fake, it would be interesting to know the real numbers." 

Holz tossed one more possibility into the ring.

"I am not sure if the Iranian Cyber Army guys are actually from Iran," he said. "The backend had lots of Russian comments, and I think this is just another attempt to confuse researchers."

That would run counter to Raff's belief that the Iranian Cyber Army moved from defacements to malware possibly out of revenge, amid reports that the Stuxnet worm has predominantly been invading control systems belonging to Iran.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition