Tracing the advanced persistent threat: Interview with Joe Stewart

While McAfee's recently released "Shady RAT" report concentrated on the victims of a mass cyberespionage ring, another researcher has decided to focus his attention on the adversaries behind such attacks. In a video recorded last week at the Black Hat conference in Las Vegas, Joe Stewart of Dell SecureWorks explains how he was able to trace 60 families of custom malware using error messages produced by a "connection bouncer" tool. The hackers used the tool to hide their tracks, but its error messages inadvertently pointed back to about a dozen command-and-control centers hosted by ISPs in China. Two of the malware families are known to have been used in the RSA SecurID breach. "It gives you a better line on attribution," Stewart told SCMagazineUS.com.
