Israel Police pulled computers offline due to RAT infestation
Posted on 30 October 2012.
Trend Micro researchers have managed to get their hands on the malware that caused the Israeli Police Department to pull all of its systems offline last Thursday, and the analysis revealed that it's a so-called Remote Access Trojan (RAT).

According to The Times of Israel, investigation into the matter revealed that police servers and computers may have been compromised almost a week age before the presence of the malware was first discovered.

The attack was not sophisticated - the malware was delivered via an email titled "IDF strikes militants in Gaza Strip following rocket barrage" and sent from the email address.

Obviously, some of the recipients were fooled into believing that the email was sent by Benny Gantz, the current Chief of General Staff of the Israel Defense Forces, and have downloaded and opened the attached Report & Photos.rar file.

The file was an Xtreme RAT, able to receive commands from remote attackers and to make screenshots, record audio and steal information from the compromised systems. It is also Windows 8 compatible.

The Israeli police is said to have banned employees from using outside media (USBs, portable discs, etc.) on police systems from now on, but will surely also have to institute some security awareness training for them.

Needless to say, it is still unknown who initiated the attack, but speculations about it being orchestrated by Iranian state-sponsored hackers abound.


VPN protocol flaw allows attackers to discover users' true IP address

The team running the Perfect Privacy VPN service has discovered a serious vulnerability that affects all VPN providers that offer port forwarding, and which can be exploited to reveal the real IP address of users.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Nov 30th