Proving malware is different than proving attacker by Matt Jezorek

Proving malware is different than proving attacker

By Matt Jezorek on 24 Oct 2011 | Comments

Brian Krebs recently wrote an article titled Who Else Was Hit by the RSA Attackers? and while it was an interesting read it has a fundamental flaw.

Based only on the article alone we can say that the networks in question have/had malware on the network talking to command and control networks. These networks may have been used in the RSA attack. However one thing that is not known is the tenancy of the command and control networks.

I do not have access to the same data that Krebs does and he has reported he is not at liberty to give the data out so at this point I can only assert that Proving malware is not the same as proving the attacker.

I would be interested in seeing the data and how it was determined that the attacker is the same. I am not concerned about who actually provided the data.

blog comments powered by Disqus

Search this site

About me

I started my life as a ASP classic developer and have since written code in ASP, ColdFusion, C, C++, PHP, Perl, Ruby, Python and others.

I have filled the role of developer, systems architect, unix administrator, application architect, as well as network security analyst. Currently I am working toward my masters and several certifications. I finished my OSCP and recommend anyone who enjoys security and penetration testing to take a look at it.

This is my personal blog, where I will write mainly about my adventures, code, security research and various thoughts. I also write a few other blogs like Scam Times

Contact

Resume: Resume (pdf)
Pub Key: GPG
Email: [email protected]
Twitter: @MattJezorek