2 March 2013. The BOA files malware alert should not detract from the value
of the great release. Delete the pest, extol the rest.
1 March 2013. Source of BoA malware email:
http://par-anoia.net/assessment/us/bofa/allTexts/emails/55. 1_13_2012 - EWT
The inactive link is deliberate. This email contains active malware; do not
run it if downloaded. AV may automatically delete it if downloaded:
Here is a neutered version in PDF (scanned OK by Norton AV):
It is peculiar that the BoA security team did not appear to recognize that
attaching malware to an email, or including it in body text, can infect the
email servers handling the email as well as networked servers and extended
networks. The same peculiarity applies to HBGary, for example, which regularly
exchanged malware as email attachments or within body text "for analysis"
without isolation in secure containers for transmission. That shoot-in-the-foot
negligence can apply to those posting malware to IRC, drop boxes and pastes.
Ironically, it could apply to Par-AnoIA and downloaders of infected BoA files
that were not blocked by AV programs. Whether the peculiarity, negligence
and lack of oversight are due to skills vanity or ignorance, and whether
accidental or deliberate, is ponderable. To be sure, some cybersecurity wizards distrust
commercial security products in favor of business to promote their home brews
of 24x7 staffing armed with classified research and secret means and methods,
i.e., CyberCommand and its contractors.
1 March 2013
Malware in Bank of America Files
A reports that Par-AnoIA's release of
Bank of America files contained malware in the two BankOfSpooks files (and
that there may be others):
Cryptome confirmed the malware in BankOfSpooks.tar.gz, but its version of
BankOfSpooks.tgz did not have that email, jumping from email 54 to email
56 (both files downloaded on 28 February 2013).
It is to be expected that security reports reference malware and may contain
the malware as examples, active or neutered. The HBGary files contained numerous
examples of malware, including Stuxnet and other APTs.
In addition, security experts plant malware, genuine and spoofed, as poison
pills or APTs to trace, combat and counterattack attackers, to deceive and
scare downloaders and to muddle publicity about attacks. Competitors plant
malware to disparage products and services. AV firms plant malware to boost
the market. Governments plant malware to increase fear, doubt and dependency
on national security. Hackers plant malware for lulz and braggardy. Malware
-- and reports of malware -- can be an attention-getting hoax as with
any form of fear-driven security.
Malware can be invented, planted and discovered by cybersecurity and AV experts
to exploit fearful clients, governments, citizens, users and in complicity
with other experts and their witting and unwitting hackers -- cyberwarfare
is booming thus mostly war-time profligate waste, duplicity, treachery and
It has not been determined if the BoA malware is genuine, benign, spoofed,
neutered, poison pill, APT or cyberwarfare run amok by dreams of BoA accumulated
Cryptome reported the malware to Par-AnoIA:
Date: February 28, 2013
Subject: Reported Virus in BoA Files
You have probably heard already about a reported virus in your two BankOfSpooks
files. Email infection is reported for:
55. 1_13_2012 - EWT - TACTO.txt
Our copy of .tgz does not have 55, but it is in .tar.gz, both downloaded
Someone reports the virus in both .tgz and .tar.gz.
Great release, congrats