ESET's WeLiveSecurity blog has released details of Win32/Potao malware attack campaigns on high-value targets in Ukraine, Russia, Georgia and Belarus:
We presented our initial findings based on research into the Win32/Potao malware family in June, in our CCCC 2015 presentation in Copenhagen. Today, we are releasing the full whitepaper on the Potao malware with additional findings, the cyber-espionage campaigns where it was employed, and its connection to a backdoor in the form of a modified version of the TrueCrypt encryption software.
Like BlackEnergy, the malware used by the so-called Sandworm APT group (also known as Quedagh), Potao is an example of targeted espionage malware directed mostly at targets in Ukraine and a number of other post-Soviet countries, including Russia, Georgia and Belarus.
[...] An (A)PT malware family that has gone relatively unnoticed for five years and that has also been used to spy on Ukrainian governmental and military targets is certainly interesting in and of itself. However, perhaps the most attention-grabbing discovery related to this case was when we observed a connection to the popular open-source encryption software, TrueCrypt. We found out that the website truecryptrussia.ru has been serving modified versions of the encryption software that included a backdoor to selected targets. Clean versions of the application are served to normal visitors to the website, i.e. people who aren't of interest to the attackers. ESET detects the trojanized TrueCrypt as Win32/FakeTC. TrueCrypt Russia's domain was also used as a C&C server for the malware. The connection to Win32/Potao, which is a different malware family from Win32/FakeTC, is that FakeTC has been used to deliver Potao to victims' systems in a number of cases. FakeTC is not, however, merely an infection vector for Potao (and possibly other malware) but a fully functional and dangerous backdoor designed to exfiltrate files from the espionage victims' encrypted drives.
From The Register.
(Score: 0) by Anonymous Coward on Saturday August 01 2015, @12:13PM
After a while I fetched my own key from a server only to find that two complete strangers had signed it. I expect they did so because they think well of me but how did that know that was _my_ key?
That doesn't matter. Revoking key is only needed if you lose it, or *you* sign things that turned out to be fake ;)
(Score: 3, Touché) by MichaelDavidCrawford on Saturday August 01 2015, @01:15PM
Suppose you yourself trusted the keys of the two complete strangers who signed mine.
You want to send me a ciphertext, or validate my own sig on a cleartext mail, so you ask gnupg to verify that my sig is within your own web of trust.
It will be, because you trusted the two right chaps who signed the key of a complete stranger that they found on a keyserver.
But in reality, that key belongs to petergunn@cia.gov.
Does that work for you?
Yes I Have No Bananas. [gofundme.com]