TOP SECRETHCOMINTHREL TO USA. AUS, CAN, GBR. NZL An Eas - Using TOP TO USA. AUS, CAN, GER, NZL "1:34 Overall classification REL TO USA, AUS, CAN, GBR, NZL BRICKTOP (2009) Tascom RusComNet Kaspersky Rosoboron nstitute oflnformation mt Moscow TelecommunicaTion Analytical Technology corporation Comstar Komet "Rail? Kacnepcxoro a Jo?. Sample Email Received by an AV Vendor PWZA201 2051 021 8350000 1 97506 Good day, A phishing scam file is attached for your analysis. Zip file password virus The file tricks the user into giving her/ his bank account credentials. This can be verified by clicking on the Sign In button. FYI: .. Regards, Francois Picard NewRoma. net Attachment: BMOFinancialGroup.zip Work Flow Analytic value brings in ~10 potentially malicious files per day for malware triage Over 500 potentially malicious files collected since 2009 aa- 50 CAMBERDADA signatures deployed to for alerting iris?39 domains mitigated DNS Interdiction e9 domains under DNS Interdiction Cloudshield intercepts the DNS request Returns the address of a listening post ieMunged version of the request is sent out DNS response is sent to a log Current status CRN 550 Overhead SCS FORNSAT gem L-C-2010-147 Multi-Country: Computer Network Ops Dozens of CADENCE selectors PINWALE daily queries; models What else can we do? can repu rpose the malware Check Kaspersky AV to see if they continue to let any of these virus files through their Anti- Virus product iaMonitor the folks who provide the malware to see if they?re into more nefarious activity Establish automated reporting More Targets! fsb-antivirus Bit-Defender . . (France) (Romania) eAladdin Norman (Israeu secure Drwe'D AVG F'Prot Norwa . (Czech) (Iceland) Y) (F?nland) Hau? k7computing Ikarus (Korea) A b.t (India) (Austria) ma Antly Avira (POLand) (Chinese) (Germany) SIDS/Emergency N0d32' Novirusthanks (Slovakia) (Slovakla) Ahnlab (Italy) (5 Korea) Emsisoft Eset Avast Checkpoint (Austria) (Slovakia) (Czech) (Israel) - co~< TOP SECRETNCOMINTHREL TO USA, AUS, CAN, GER, NZL 4121 V252 (S) (S) De?ved From: 1-52 Dated: 20070108 Declass'rfy On: 20370301 TOP SECRETNCOMINTHREL TO USA. AUS, CAN, GBR, NZL