Cyber Incidents Suspected of Impacting Private Sector Networks
From time to time I receive information from the Department of Homeland Security or Secret Service regarding aspects of Internet security. As a network administrator for several networks, I’m tasked with the responsibility of taking every measure possible to mitigate possible threats. These reports help me in doing so. I’ve been given permission to share this report with you.
Attached is a report (CIIN-07-332-01 US CERT Cyber Incidents Impacting Private Sector) distributed by U.S. CERT. CERT has identified sophisticated attempts to compromise private sector networks, including critical infrastructures. CERT has requested that we distribute this report to our N-TEC partners. This information will be helpful for those who are responsible for network security. Please feel free to forward this e-mail to other companies not listed on this distribution list. CERT has provided an email link to report any validated incidents involving this activity and assistance.
So, I should be able to share it, according to the email I received.
Update: Because US-CERT contacted me and wanted me to remove the article, which under DMCA rules I’m required to do so I don’t get into trouble (though I don’t know whether they actually have that authority), I’ve gone ahead and removed the article from my webhost. However, you can find the report on several BitTorrent sites:
http://www.mininova.org/tor/1026753
US-CERT is providing the following signatures to help detect potential malicious activity related to this report:
If running a firewall or IDS, these should be added to signatures, especially at border devices. If you don’t have the capability of adding these to border devices, I recommend you take a look at Snort.
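One way to turn a mixed list of IP and domain indicators into Snort rules for a border sensor, as an added example that is not part of the US-CERT report or the original post. The function names, the constructed sample indicators and the starting SID of 1000001 are assumptions; domain rules match the DNS query name in wire format, so a rule for a parent zone also fires for hosts under it.

```python
import ipaddress

# Constructed sample indicators (documentation ranges/names, not from the report).
SAMPLE = ["192.0.2.10", "dyn-zone.example", "# comment",
          "Dyn-Zone.example", "host1.dyn-zone.example"]

def dns_wire(domain):
    """Encode a hostname as DNS wire-format labels for a Snort content match."""
    labels = domain.strip().strip(".").lower().split(".")
    for label in labels:
        ok = label.isascii() and label.replace("-", "").isalnum()
        if not ok or len(label) > 63:
            raise ValueError(f"not a plain hostname: {domain!r}")
    # Each label is preceded by its length byte; |00| ends the query name, so a
    # parent zone also matches every host under it but not look-alike suffixes.
    return "".join(f"|{len(l):02X}|{l}" for l in labels) + "|00|"

def snort_rules(indicators, first_sid=1000001):
    """Return one Snort alert rule per unique indicator (SIDs in the local range)."""
    rules, seen = [], set()
    for raw in indicators:
        item = raw.strip().lower()
        if not item or item.startswith("#") or item in seen:
            continue  # skip blanks, comments and duplicates
        seen.add(item)
        sid = first_sid + len(rules)
        try:
            ip = ipaddress.IPv4Address(item)
        except ValueError:
            ip = None  # not an IPv4 address, treat as a domain name
        if ip is not None:
            rules.append(f'alert ip $HOME_NET any -> {ip} any '
                         f'(msg:"Outbound traffic to indicator IP {ip}"; '
                         f'sid:{sid}; rev:1;)')
        else:
            rules.append(f'alert udp $HOME_NET any -> any 53 '
                         f'(msg:"DNS query for indicator domain {item}"; '
                         f'content:"{dns_wire(item)}"; nocase; sid:{sid}; rev:1;)')
    return rules

if __name__ == "__main__":
    print("\n".join(snort_rules(SAMPLE)))
```
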