Tech | February 18, 2011 | 5 comments

HBGary ~ General Dynamics: Proposal for Development of a "MALWARE VIRUS" Project for US Government

gerardange
General Dynamics has selected HBGary Inc to provide this proposal for development of a software application targeting the Windows XP Operating System that, when executed, loads and enables a covert kernel-mode implant that will exfiltrate a file from disk (or other remotely called commands) over a connected serial port to a remote device. The enabling kernel mode implant will cater to a command and control element via the serial port. The demonstration will utilize an exploit in Outlook as the delivery mechanism for said software application. The subsequently loaded implant will be stable and will not crash the demonstration system. A usermode component will be included as part of the exploitation package that exercises the kernel mode implant for demonstration purposes. The loaded implant will use the connected serial port to remotely enable functions which can be visible on the collection computer connected on the other end of the serial line. The purpose of the demonstration setup is to verify the functionality for the customer and validate that all work has been completed.

Primary Objectives:

• Development of a kernel-mode implant that is clearly able to perform exfiltration of an on-disk file, opening of the CD tray, blinking of the keyboard lights, opening and deleting a file, and exfiltration of a memory buffer over a connected serial line to a collection station. For the demonstration, a null modem cable will be used to connect the collection station.
• The use of a standard Outlook exploit as a delivery mechanism for the implant, with the intention being that any suitable exploit could be used for the same.
• As part of the exploit delivery package, a usermode trojan will assist in the loading of the implant, which will clearly demonstrate the full capability of the implant.
• A test set (consisting of two computers connected via a null modem cable and using HyperTerminal) that can reliably and repeatedly demonstrate the exploit and the subsequent implant capability of the system.
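The objectives above describe the demonstration's command-and-control path but not how bytes are framed on the serial line. The following is an added example, not code from the proposal, HBGary or General Dynamics: a minimal framed command/response protocol of the kind a collection station needs to pull a file over a null modem cable and know that it arrived intact. Both ends are simulated in-process with byte strings (on real hardware the same bytes would go over the serial port); the frame layout, the `GET` command, the chunk size and the sample file are all assumptions for illustration.

```python
"""
Added example (not from the proposal or HBGary/GD code): collection station
pulls a file from a remote endpoint over a serial-style byte stream using
small CRC-protected frames. Frame layout, command name and sizes are assumed.
"""
import struct
import zlib

SOH = 0x01          # start-of-frame marker (assumed)
CHUNK = 64          # payload bytes per frame (assumed; small to show sequencing)

# Constructed sample "on-disk" file for the demo; nothing on the page.
SAMPLE_FILES = {
    "secret.txt": b"CONFIDENTIAL: demo payload " * 9,   # 243 bytes -> 4 data frames
}


def frame(seq, payload):
    """SOH | seq(1) | len(2, big-endian) | payload | crc32(4) over seq+len+payload."""
    hdr = struct.pack(">BH", seq & 0xFF, len(payload))
    crc = zlib.crc32(hdr + payload) & 0xFFFFFFFF
    return bytes([SOH]) + hdr + payload + struct.pack(">I", crc)


def endpoint_handle(command):
    """Remote-endpoint side: parse one text command, return the framed response stream.
    seq 0 is reserved for error replies; a zero-length frame ends a transfer."""
    parts = command.strip().split(b" ", 1)
    if parts[0] != b"GET" or len(parts) != 2:
        return frame(0, b"ERR unknown command")
    data = SAMPLE_FILES.get(parts[1].decode("ascii", "replace"))
    if data is None:
        return frame(0, b"ERR no such file")
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]
    out = bytearray()
    for seq, chunk in enumerate(chunks, start=1):
        out += frame(seq, chunk)
    out += frame(len(chunks) + 1, b"")      # terminator
    return bytes(out)


def collector_receive(stream):
    """Collection-station side: walk the stream, verify every frame, reassemble in order."""
    pos, expected, data, errors = 0, 1, bytearray(), []
    while pos < len(stream):
        if stream[pos] != SOH:
            errors.append(("no SOH", pos))
            break
        if pos + 4 > len(stream):
            errors.append(("truncated header", pos))
            break
        seq, ln = struct.unpack(">BH", stream[pos + 1:pos + 4])
        end = pos + 4 + ln + 4
        if end > len(stream):
            errors.append(("truncated frame", seq))
            break
        payload = stream[pos + 4:pos + 4 + ln]
        crc = struct.unpack(">I", stream[pos + 4 + ln:end])[0]
        if zlib.crc32(stream[pos + 1:pos + 4 + ln]) & 0xFFFFFFFF != crc:
            errors.append(("crc", seq))      # corrupted in transit: skip the frame
            pos = end
            continue
        if seq == 0:                          # remote reported an error
            return {"ok": False, "data": b"", "frames": 0,
                    "errors": [("remote", payload.decode("ascii", "replace"))]}
        if seq != expected:                   # out of order / after a dropped frame
            errors.append(("seq", seq))
            pos = end
            continue
        if ln == 0:                           # terminator: transfer complete
            return {"ok": not errors, "data": bytes(data),
                    "frames": expected - 1, "errors": errors}
        data += payload
        expected += 1
        pos = end
    return {"ok": False, "data": bytes(data), "frames": expected - 1,
            "errors": errors or [("no terminator", expected)]}


def transfer(command, corrupt_at=None):
    """One round trip; optionally flip a byte in transit to show the CRC catching it."""
    stream = bytearray(endpoint_handle(command))
    if corrupt_at is not None:
        stream[corrupt_at] ^= 0xFF
    return collector_receive(bytes(stream))


if __name__ == "__main__":
    print(transfer(b"GET secret.txt")["frames"], "frames received intact")
    print(transfer(b"GET secret.txt", corrupt_at=10)["errors"][0])
    print(transfer(b"GET nope")["errors"])
```

The point of the framing is that a bare terminal program only shows bytes; it cannot tell a dropped or corrupted chunk from a short file, which is why the collection side checks a sequence number and a CRC on every frame and only reports success once the terminator arrives with no recorded errors.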

GO TO STORY:
http://publicintelligence.net/hbgary-general-dynamics-malware-development-projec...

5 comments

  • Paisano1
  • good_stuff (0):
    Didn't they already release a fix for the Outlook exploit? Would it reduce their capabilities if I deleted Outlook, or is it hardwired into Windows like Explorer?

    • 2 years ago
  • ze (0):
      good_stuff:

      Microsoft is constantly fixing vulnerabilities in its code base. The best things to do (if you are going to run Windows and use MSFT programs like Outlook) are:
      1. Leave the Microsoft Update service running, and have it check nightly.
      2. Familiarize yourself with the awesomeness (NOT) that is "Patch Tuesday": http://en.wikipedia.org/wiki/Patch_Tuesday
      3. Use some kind of firewall/anti-virus (Norton/McAfee/etc.).

      With a proper Administrator account, you should be able to remove Outlook if you like.

    • 2 years ago
  • ze (0):
      1. Is this the same HBGary that was so embarrassingly exploited by Anonymous? Either someone at GD didn't get the memo, or they're looking to get soc-eng'd by a 16-year-old with the very same piece of code. Better start patching your internet-facing servers, GD...

      2. I dunno... an exploit using Outlook, via a serial modem connection on WinXP? That's soooo... like... 2002... ish. Does that mean that exploiter and machine have to be in the same room once, so the exploiter can attach something to the serial port? Really? What's the last thing GE plugged directly into any computer's serial port? A printer seven years ago, maybe? Look, lots of people and businesses are still running that pile of bollox known as IE6. That turd which makes the Aurora exploit feasible... yeah. There are lots of easier ways to do this.

      3. All the more reason to deploy servers using Linux/UNIX/MacOS, and to not use legacy mail clients like Outlook.

      4. Further proof that military contractors will spend lots of money (and charge the Gov't) for things like "toilet seats".

      :)

    • 2 years ago
  • cool0ne