[liberationtech] Recent Malware in Syria

Josh jdsaxe at gmail.com
Thu Mar 15 09:10:02 PDT 2012


Hi -

I am a malware researcher by profession and would be happy to help. I live in DC; suggestions about how I might volunteer would be appreciated on- or off-list.

Josh

On Mar 15, 2012, at 11:15 AM, Andrew Lewis <andrew at pdqvpn.com> wrote:

> We've found a new one related to the fake YouTube page and have mostly ripped it apart. It seems to resolve to a no-ip.info server for C&C, and until it was reported by us, it was not showing in malware scans anywhere. We are currently ripping it apart at telecomix. It appears to resolve to a user in the same general address space as earlier viruses.
> 
> -Andrew
> 
> On Mar 15, 2012, at 3:02 PM, Susanne Fischer <susannef at iwpr.net> wrote:
> 
>> We are looking into these issues as well as part of our cyber-arabs project that provides online security support to activists in the Arab world.
>> 
>> Our website (in Arabic) 
>> 
>> www.cyber-arabs.com
>> 
>> We also recently investigated a virus attack carried out by the Syrian authorities; there was a CNN report about it.
>> 
>> http://articles.cnn.com/2012-02-17/tech/tech_web_computer-virus-syria_1_opposition-activists-computer-viruses-syrian-town?_s=PM:TECH
>> 
>> Best,
>> Susanne
>> 
>> On 15 March 2012 16:53, Andrew Lewis <andrew at pdqvpn.com> wrote:
>> Is there a mailing list or something similar where info can be exchanged? As far as I know, people seem to be duplicating work, or not sharing (with telecomix at least).
>> 
>> -Andrew
>> 
>> On Mar 15, 2012, at 2:34 PM, Rafal Rohozinski <r.rohozinski at psiphon.ca> wrote:
>> 
>> > There is a CS malware working group that's been established. Secdev is involved (via a Freedom House supported project) and membership in the working group overlaps with several other groups working in this area, including those you listed. The Citizen Lab also has a malware research project that is working on targeted malware attacks that includes Syria.
>> >
>> > Rafal
>> >
>> >
>> > Sent from my PsiPhone
>> >
>> > On 2012-03-15, at 10:21 AM, Andrew Lewis <lta893 at gmail.com> wrote:
>> >
>> >> It looks like at least Telecomix, Torproject and EFF are working on the recent threats to come out of Syria; is there anyone else looking into it besides them? It may also make sense to combine efforts in some way.
>> >>
>> >> -Andrew
>> >> _______________________________________________
>> >> liberationtech mailing list
>> >> liberationtech at lists.stanford.edu
>> >>
>> >> Should you need to change your subscription options, please go to:
>> >>
>> >> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>> >>
>> >> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
>> >>
>> >> You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech
>> >>
>> >> Should you need immediate assistance, please contact the list moderator.
>> >>
>> >> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
>> 
>> 
>> 
>> -- 
>> Susanne Fischer
>> Middle East Programme Manager
>> susannef at iwpr.net
>> mobile +961 70 211 219
>> 
>> 
>> This electronic mail message and any attached files are intended solely for the named recipients and may contain confidential and proprietary business information of the Institute for War & Peace Reporting (IWPR) and its affiliates. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail.
>> 
>> Institute for War & Peace Reporting. 48 Gray's Inn Road, London WC1X 8LT, UK. Registered with charitable status in the United Kingdom (charity reg. no: 1027201, company reg. no: 2744185); the United States under IRS Section 501(c)(3); and The Netherlands as a charitable foundation.