Leader: Share your malware knowledge

We'll all benefit...

Two weeks ago, news desks across the UK were throbbing with rumours that the "industrial-strength" Trojans attacking the country's most important government agencies and businesses were coming from China.

But no one could confirm it.

At least not until today, when email security company MessageLabs reluctantly admitted to silicon.com that China is indeed the country the malicious programs try to communicate with. But it also told us that hackers could be controlling the attacks from anywhere in the world.

The UK's National Infrastructure Security Co-ordination Centre (NISCC), which issued the original warning about the Trojans, would only say the attacks were coming from the Far East, admitting it couldn't be sure where they originate.

But there is a more important issue than the location of the hackers.

The attacks, which the NISCC originally spotted in January, were only reported in mid-June, which begs the question, why has the government taken so long to react?

If the NISCC's sole purpose is to inform people and share knowledge with the businesses and government bureaus that make up the Critical National Infrastructure, why did it not speak out sooner? Even if it was only partially aware something bad was happening, wouldn't it be better to alert the industry sooner rather than later? Apparently our government thought not.

The reluctance to finger China in the Trojan wars surely highlights how international politics have worked their way into the online world.

Case in point: antivirus companies Computer Associates, F-Secure, Kaspersky, Sophos and even initially MessageLabs wouldn't comment on which country the Trojans were coming from. When we asked Sophos to show us the Trojans it had detected, so we could examine them ourselves, it refused.

These are the same companies that regularly ask the press to publicise online threats for the greater good - usually the ones involving Michael Jackson, the Pope or Britney Spears. But the moment they're asked to comment on something important, they all go quiet.

The message is clear for these keepers of knowledge - the NISCC and antivirus community alike - share your knowledge and we'll all find the antidotes to these threats much quicker. Hoard it, and the dangers become greater.

Comments

There is 1 comment.

  1. anonymous

    It is more that we do not dare tell you.

    They are simple to trace - using traceroute while active. Even I have help to bring them down. The problem is Windows. Check that the LDAP ports are disabled on the firewall, and watch the MDM debugger.

    Akamai has developed technology that enables them to hide behind cached pages.

    We need openness around this. Most trojans are simple - at least to "the old people". They are seldom technologically "advanced" and would have been very simple for Microsoft to stop if they wanted to.
    E.g. Why can't you restrict access to all scripting modules? Including debuggers? And honestly: A kernel debugger is not needed - very few dare to change the Windows kernel. So why is the debugger available?
    So post every trojan.
    Share your knowledge - but please allow me to hide my own whereabouts on the net.

    • 4 July 2005 16:06