Chapter 5: Crème de la Cybercrime > "Wicked Rose" and the NCPH Hacking Gro... - Pg. 193

Now, however, Ken Dunham and Jim Melnick look at the operational history of the Network Crack Program Hacker (NCPH) hacking group.

"Wicked Rose" and the NCPH Hacking Group

Zero-day attacks, where an attack occurs before the vulnerability it exploits is publicly known, are a growing cause of concern for security professionals in the 21st century. An unprecedented number of zero-day attacks took place in 2006, most of them involving Microsoft Office documents. Ken Dunham, Director of the Rapid Response Team, and Jim Melnick, Senior Threat Intelligence Analyst, led the VeriSign iDefense intelligence team in tracking down Chinese hackers-for-hire, responsible for many of the attacks in 2006. "Wicked Rose" or "Rose Hacker" (MeiGei HeiKe) is the ring-leader of the NCPH hacking group, and this is the story of their maturation into a significant global threat.

Introduction to NCPH

NCPH has about ten members or associates. There were four core members as of 2006: (Wicked) Rose, KuNgBiM, Rodag, and Charles.

There are also at least six other associates within the group, others who have a connection of some kind, as well as two additional positions (apparently unfilled) whose purpose is unclear. However, "Rose" or "Wicked Rose" seems to be the primary leader. Membership rules, recruiting goals, and standards are unknown. However, some members appear to be current or former students of Sichuan University of Science and Engineering (www.suse.edu.cn and www.study-in-china.org/school/Sichuan/suse/).

The group is believed to be responsible for the development and deployment of exploit code related to vulnerabilities in Microsoft Word (Malformed OLE Structure Code Execution) and Microsoft Excel (Malformed BIFF Structure Code Execution).

Public Knowledge of a Zero-day Word Exploit

The story of NCPH zero-day attacks began, as far as the public are concerned, on May 18, 2006. On this day, the Internet Storm Center reported a new attack, possibly a zero-day attack. iDefense worked closely with the SANS Institute and other organizations to analyze

www.syngress.com