
Symantec found evidence of Longhorn against 40 targets spread in 16 countries
https://www.symantec.com/connect/blogs/longhorn-tools-used-cyberespionage-group-linked-vault-7
======
gwu78
OT.

Symantec: Why _require_ Javascript? Why not make it _optional_?

For users who do not use Javascript to read news:
[https://www.symantec.com/connect/tr/blogs/longhorn-tools-use...](https://www.symantec.com/connect/tr/blogs/longhorn-tools-used-cyberespionage-group-linked-vault-7)

------
happycube
Too bad it's not like Microsoft's Longhorn - then it would have been delivered
years late as a shadow of its promised self (Vista) ;)

~~~
simlevesque
And it would be deprecated tomorrow [1]

[1] [https://support.microsoft.com/en-ca/help/22882](https://support.microsoft.com/en-ca/help/22882)

~~~
insulanian
Nice catch :)

------
curiousgal
>On one occasion a computer in the United States was compromised but,
following infection, an uninstaller was launched within hours, which may
indicate this victim was infected unintentionally.

How do they know that?

~~~
ttctciyf
They're being polite to the CIA whose charter forbids domestic ops (or at
least severely constrains them.)

------
driverdan
It's nice that Symantec has shared this info but their attempt at neutrality
is frustrating.

Based on their data they could easily state that Longhorn is a CIA group. They
also didn't provide any links to WikiLeaks for people to learn more about what
Vault 7 is.

~~~
jfoster
Would they want to know for absolute certain the source of it, or if they did
know, would they want to acknowledge that? Suppose it is from the CIA, they
acknowledge it, and then add removal of it to their tools. They (NASDAQ-listed
public company) would have then just knowingly acknowledged interfering with
the activities of the intelligence agency in the country in which they
operate.

I think it's smart for Symantec to remain completely neutral and unassuming.

------
janwillemb
> [Longhorn] has used a range of back door Trojans in addition to zero-day
> vulnerabilities to compromise its targets.

I genuinely don't see the added value of antivirus corporations in this or
anywhere else. Better tactics are:

- patch

- educate wife and children

~~~
munin
My wife has a PhD and ran up to date Firefox with noscript, Flash disabled,
and ad-blockers, uses webmail, and doesn't install software or download
executables in general. She still got hacked, due to a bug in Firefox that was
exploited despite having noscript and Flash disabled.

How, exactly, would you have educated her?

~~~
xorblurb
Real question: what kind of website she visited to get such infection? It's
quite uncommon (even though theoretically an existing risk pretty much
everywhere, and probably even not that hard to do if you control a website)

~~~
munin
reddit, imgur, news sites. It was via an ad delivered over an ad network, so
who knows really.

~~~
janwillemb
How come the adblocker didn't block the ad network?

~~~
munin
I blame the ad blocker / ad network arms race.

------
azinman2
I wonder if Qihoo 360 or other Chinese security companies would post such blog
entries on Chinese intelligence malware and operations in a similar vein. Same
for Russia.

~~~
linkregister
Kaspersky just announced a comprehensive report on the Moonlight Maze Russian
government campaign against U.S. military networks in the 1990s.

Kaspersky has also published at least two recent (last 10 years) campaigns
attributed to the Russian government or state-aligned actors.

