Garfield Garfield True, or the story behind Syrian Malware, .NET Trojans and Social Engineering
It’s been a while since the last massive Internet outage took down Syria’s backbone network (AS29386). More recently, however, Syria suffered yet another large-scale Internet blackout that lasted for about seven hours. In contrast to previous incidents, where network routes began to disappear gradually from border routing devices, this time a severed fiber-optic cable was deemed responsible for leaving most of the country offline.
Given the complexity of the current political situation, there are many different factors which could be involved in this event, but from the outside these are all largely speculative. Pro-government groups will talk about sabotage and opposition activists will talk about censorship. Here, we’ll only focus on malware and the facts that have been found during the analysis, presenting only relevant information in the hope of setting a clear context for this research.