Country of Myanmar DDoS

I skimmed an article on this earlier today, and didn’t pay much attention to it, thinking “eh, some tin-pot in another far-flung dictatorship’s up for ‘re-election’ and wants to insulate the country from the rest of the world so his influence peddling goes unnoticed”.  When my boss comes up to me and asks if I’m aware, I know that I had better be paying attention to more than whether we have an office there or not…

This is certainly a massive DDoS attack, estimated at between 10 – 15 Gigabytes per second of bandwidth being focused on the country’s Ministry of Post and Telecommunication, the main conduit for Internet traffic in and out of the authoritarian nation.  It has effectively cut Internet connectivity in Myanmar, just 3 days before the nation’s first election in 20 years.

Slow connections and occasional outages were being reported for more than a week, but today network traffic was completely halted, according to BBC reports.  Web service providers said outside attackers were to blame, but some residents suspect the military-ruled nation’s government is behind it all.

Britain, the United States and the European Union maintain long-standing economic sanctions against Myanmar to pressure the military government to improve human rights and release over 2,000 political prisoners.  Foreign journalists have not been allowed into Myanmar to cover the polls, criticized by the West as a ploy to maintain the military’s control.  British ambassador Andrew Heyn said the vote was a “badly missed opportunity” offering no hope for democratic change.  With increasing tension, the government has canceled voting in 3,400 villages in ethnic areas and has increased its military presence throughout the countryside.

The military has ruled Myanmar, earlier known as Burma, since 1962, and the international community believes that harsh restrictions on campaigning, the repression of opposition parties and the new constitution reflect the military’s intention to continue its commanding role.


Light Microsoft November Patch Bundle

Microsoft has published its pre-announcement for next Tuesday’s patch release.  Thankfully, a lighter bundle than what we have seen from Microsoft lately. 3 patches in total, against 11 vulnerabilities:

  • One CRITICAL remote code execution vulnerability patch in all supported versions of Office
  • One Important remote code execution vulnerability patch in PowerPoint 2002 & 2003
  • One Important privilege elevation vulnerability patch in Forefront Unified Access Gateway

HBGary – Roll Your Own Malware Signatures

HBGary, makers of Active Defense and a half dozen FREE Tools that are always in my kit (like Fingerprint and Flypaper), is coming out with a ‘do-it-yourself’ tool to help security managers contain and control Windows-based malware attacks, or prevent them while a zero-day outbreak is underway. The product is in beta now and is expected to ship by year end.  Pricing has not yet been announced.

Inoculator is an appliance that typically sits inside the network, close to Active Directory, and performs detection scans on Windows-based desktops and servers for signs of malware.  The idea is that the Inoculator security manager will be able to create a specific signature defense for a detected malware specimen, even before anti-virus vendors come up with one.  A/V vendors have been known to take a day or more to develop and distribute their signatures, even when well-recognised zero-day attacks have started.

The detection process requires Inoculator to connect via remote procedure call to the end node with privileged access so it can carry out the scan.  HBGary’s scan process will look for things such as Zeus bots that are often missed by anti-virus.  In general, it will look for ways malware can affect a computer system, such as registry keys, event logs and other indicators.  The best case scenario suggests that information about infections picked up by Inoculator or other means would be collected centrally by a security information and event management product.
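To make the "roll your own signature" idea concrete, here is an added Python example (not HBGary's code, and not Inoculator's signature format, which is not described here) that evaluates a home-made indicator set against per-host snapshots and emits one JSON line per match for a SIEM. The signature layout, host names and every indicator value are constructed placeholders; Event ID 7045 is the Windows System-log "service installed" event.

```python
import fnmatch
import json
WINLOGON = r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
CLEAN = r"C:\Windows\system32\userinit.exe,"

# Constructed signature: every indicator value is a placeholder, not a real IoC.
SIGNATURE = {
    "name": "EXAMPLE-specimen-01",
    "min_hits": 2,  # need two independent indicators before flagging a host
    "indicators": [
        {"kind": "registry", "key": WINLOGON, "value": "Userinit", "glob": "*example-dropper.exe*"},
        {"kind": "file", "glob": r"C:\Windows\System32\example-dropper.exe"},
        {"kind": "event", "log": "System", "event_id": 7045, "glob": "*ExampleSvc*"},
    ],
}

# Constructed snapshots standing in for what a privileged remote scan would collect.
HOSTS = {
    "WS-0142": {"registry": [(WINLOGON, "Userinit", CLEAN + r"C:\Windows\system32\example-dropper.exe,")],
                "files": [r"C:\WINDOWS\system32\example-dropper.exe"], "events": []},
    "WS-0201": {"registry": [(WINLOGON, "Userinit", CLEAN)], "files": [], "events": []},
    "SRV-0007": {"registry": [], "files": [], "events": [("System", 7045, "Service installed: ExampleSvc")]},
}

def _glob(text, pattern):
    # Windows paths and registry names are case-insensitive.
    return fnmatch.fnmatchcase(text.lower(), pattern.lower())

def indicator_hit(ind, snap):
    if ind["kind"] == "registry":
        want = (ind["key"].lower(), ind["value"].lower())
        return any((k.lower(), v.lower()) == want and _glob(d, ind["glob"])
                   for k, v, d in snap["registry"])
    if ind["kind"] == "file":
        return any(_glob(p, ind["glob"]) for p in snap["files"])
    if ind["kind"] == "event":
        return any((log, eid) == (ind["log"], ind["event_id"]) and _glob(text, ind["glob"])
                   for log, eid, text in snap["events"])
    raise ValueError(f"unknown indicator kind: {ind['kind']}")

def scan(signature, hosts):
    """Return one SIEM-ready JSON line per host that meets the signature's threshold."""
    lines = []
    for host, snap in sorted(hosts.items()):
        hits = [i["kind"] for i in signature["indicators"] if indicator_hit(i, snap)]
        if len(hits) >= signature["min_hits"]:
            lines.append(json.dumps({"host": host, "signature": signature["name"], "matched": hits}))
    return lines

if __name__ == "__main__":
    print("\n".join(scan(SIGNATURE, HOSTS)))
```

Only WS-0142 is reported: SRV-0007 trips a single indicator and stays below the two-hit threshold, which is the trade-off to tune when a hand-written signature has to avoid flagging clean machines.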

HBGary Press Release