The tally of digital certificates stolen from a Dutch company in July has exploded to more than 500, including ones for intelligence services like the CIA, the U.K.’s MI6 and Israel’s Mossad, a Mozilla developer said Sunday.

The confirmed count of fraudulently-issued SSL (secure socket layer) certificates now stands at 531, said Gervase Markham, a Mozilla developer who is part of the team that has been working to modify Firefox to blocks all sites signed with the purloined certificates.

Among the affected domains, said Markham, are those for the CIA, MI6, Mossad, Microsoft, Yahoo, Skype, Facebook, Twitter and Microsoft’s Windows Update service.

For the full article, see here.

These 175 phishing messages were received over the course of 18 months by one recipient, who also happens to be a former Taiwan government official and an expert on China. The recent exploits used are mostly CVE-2010-3333 and CVE-2011-0611 and CVE-2010-2883 but you will find a good variety, as well as a lot of RAR files with RTLO and exe. The senders and the recipient are in Asia so these document give you a good idea about the phishing landscape there (in many ways it is similar to what you see in USA, for understandable reasons).

There might be a few documents that are not malicious, esp. image files.

The first folder inside zip contains files named as DATERECEIVED_NAME.EXT and the second has the same files named DATERECEIVED_SENDERADDR_SUBJECT_NAME.EXT.

For the full article, see here.

Agents of the East German Stasi could only have dreamed of the sophisticated electronic equipment that powered Col. Muammar el-Qaddafi’s extensive spying apparatus, which the Libyan transitional government uncovered earlier this week. The monitoring of text messages, e-mails and online chats — no communications seemed beyond the reach of the eccentric colonel.

What is even more surprising is where Colonel Qaddafi got his spying gear: software and technology companies from France, South Africa and other countries. Narus, an American company owned by Boeing, met with Colonel Qaddafi’s people just as the protests were getting under way, but shied away from striking a deal. As Narus had previously supplied similar technology to Egypt and Saudi Arabia, it was probably a matter of public relations, not business ethics.

For the full article, see here.

¶40. (U) Worldwide – Has “GhostNet” been seen within the USG?

¶41. (S//REL TO USA, FVEY) Key highlights:
o Canadian researchers recently identified a “cyber-espionage” network.
o Domain names identified in the IWM report have been identified during previous BH activity.
o Tenuous connections were made between the reported hostile domains and the PLA First TRB.
o The Gh0st RAT tool used in Tibetan attacks has also been detected in incidents involving a DoS LES in Japan.

¶42. (U) Source paragraph: “A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded. … The researchers, who have a record of detecting computer espionage, said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries.”

For the full cable, see here.

The article noted that “the system resembles the Koobface botnet researched and documented by the Monitor in November 2010″. It concluded that “while the scam isn’t obviously affiliated with the Syrian Electronic Army, the phishing attack fits with the group’s past activities”.

For the full article, see here.

Multiple servers used to maintain and distribute the Linux operating system were infected with malware that gained root access, modified system software, and logged passwords and transactions of the people who used them, the official Linux Kernel Organization has confirmed.

The infection occurred no later than August 12 and wasn’t detected for another 17 days, according to an email John “‘Warthog9″ Hawley, the chief administrator of kernel.org, sent to developers on Monday. It said a trojan was found on the personal machine of kernel developer H Peter Anvin and later on the kernel.org servers known as Hera and Odin1. A secure shell client used to remotely access servers was modified, and passwords and user interactions were logged during the compromise.

For the full article, see here.

Chinese regulators, often criticized both in and outside of China for manipulating public opinion by interfering with the flow of information online, have shut down 6,600 websites in their efforts to clamp down on “illegal public relations deals” that employ similar tactics for commercial gain.

According to state-run newspaper China Daily, telecommunications authorities shut the websites down as part of a campaign against bad public relations practices launched in April by the State Internet Information Office, recently set up to oversee Internet regulation, and several other government agencies.

The websites involved “illegal groups which claimed to specialize in deleting online news stories and posts with negative influences or hiring other netizens to spread certain kinds of information or opinions on the Internet” for deals totaling more than 1.13 million yuan ($177,000).

For the full article, see here.

Many fake antivirus businesses that paid hackers to foist junk security software on PC users have closed up shop in recent weeks. The wave of closures comes amid heightened scrutiny by the industry from security experts and a host of international law enforcement officials. But it’s probably too soon to break out the bubbly: The inordinate profits that drive fake AV peddlers guarantee the market will soon rebound.

During the past few weeks, some top fake AV promotion programs either disappeared or complained of difficulty in processing credit card transactions for would-be scareware victims: Fake AV brands such as Gagarincash, Gizmo, Nailcash, Best AV, Blacksoftware and Sevantivir.com either ceased operating or alerted affiliates that they may not be paid for current and future installations.

On July 2, BestAV, one of the larger fake AV distribution networks, told affiliates that unforeseen circumstances had conspired to ruin the moneymaking program for everyone.

For the full article, see here.

Security firm F-Secure has discovered a bot that compromises Twitter accounts to help in the generation of Bitcoins.

Bitcoin is a decentralized virtual currency that was formed by programmers in 2009, and is generated by programming computers to calculate highly complex math problems. The more computing power you have, the faster you can create Bitcoins; this is why Bitcoin rigs often look like massive sculptures of connected servers.

According to an F-Secure blog post, the Twitter-based command generates a bot that can control the Twitter user’s computer and add it to a bitcoin mining rig.

For the full article, see here.

The media are in a frenzy today, excitedly reporting the “biggest ever cyber-attack”.

The reason? A report published today by McAfee called “Revealed: Operation Shady RAT”, explains that the security firm stumbled across logs on a server used by hackers, and ascertained that organisations and governments around the world had been targeted by malware that could have stolen information from their systems.

The report names the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada, the United Nations, the International Olympic Committee (IOC), and assorted companies amongst the victims.

To be honest, there’s nothing particularly surprising in McAfee’s report to those of us who have an interest in computer security.

For the full article, see here.