
SANS ISC: SANS Daily Network Security Podcast (Stormcast) for Friday, August 28th 2015



ISC StormCast for Friday, August 28th 2015



Obfuscating Malicious Word Macros Inside PDFs
https://isc.sans.edu/forums/diary/PDF+maldoc1+maldoc2/20079/

Patch For BitTorrent Traffic Amplification Bug
http://engineering.bittorrent.com/2015/08/27/drdos-udp-based-protocols-and-bittorrent/

Adobe Cold Fusion Patch
https://helpx.adobe.com/security/products/coldfusion/apsb15-21.html

Iranian Attackers Phish Google 2FA Tokens
https://citizenlab.org/2015/08/iran_two_factor_phishing/

Discussion

There seems to be no conclusive proof this phishing originated from "Iranian attackers".

The article linked by SANS, in turn references a report by the Israeli company Clearskysec, which in turn references a non-existent Google cache entry from Florida's College of Arts (???). See for yourselves at page 14 of http://www.clearskysec.com/wp-content/uploads/2015/06/Thamar-Reservoir-public1.pdf (version as of today 2015-08-28).

The other "intelligence" could have been intentionally spoofed: Iranian IP addresses (botnet?), a blog in Farsi (with an English name), free Iranian hosting service (without its access logs), domain registration details (can be set/changed to anything) and lastly the phone call in Farsi... I don't always send phishing, but when I do, I always phone in my native language disclosing my nationality and leaving a voice fingerprint.

All I ask is that you please label a guess as such.
Posted by Enos on Fri Aug 28 2015, 05:28
